California Privacy Protection Agency Releases New AI Regulations
The California Privacy Protection Agency has finalized new regulations under the California Consumer Privacy Act, significantly expanding requirements for businesses and employers handling consumer data and using automated decision-making technology (ADMT).
Effective Jan. 1, 2026, the regulations introduce new mandates around consent, transparency, and data governance. Employers and businesses using ADMT for “significant decisions” — including those related to employment — must provide advance notice, offer opt-out options, and allow individuals to appeal automated outcomes. The rules also establish mandatory risk assessments for high-risk data processing activities and annual cybersecurity audits for companies meeting specific size or data thresholds beginning in 2028. These audits must be conducted by independent professionals and retained for at least five years.
SHRM is closely monitoring the regulations’ implementation and the potential impact on employers that use AI tools for hiring and workforce management. The organization will continue to advocate for clear guidance, regulatory flexibility, and alignment with federal standards to ensure compliance while maintaining practical and effective workplace operations.
An organization run by AI is not a futuristic concept. Such technology is already a part of many workplaces and will continue to shape the labor market and HR. Here's how employers and employees can successfully manage generative AI and other AI-powered systems.
Related Content
Learn how Marsh McLennan successfully boosts staff well-being with digital tools, improving productivity and work satisfaction for more than 20,000 employees.
The proliferation of artificial intelligence in the workplace, and the ensuing expected increase in productivity and efficiency, could help usher in the four-day workweek, some experts predict.
As artificial intelligence technology continues to develop, the demand for workers with the ability to work alongside and manage AI systems will increase. This means that workers who are not able to adapt and learn these new skills will be left behind in the job market.