California

Subscribe to California via RSS

On November 18, the California Privacy Protection Agency (CPPA) announced the creation of a Data Broker Enforcement Strike Force within its Enforcement Division to investigate alleged violations of the California Consumer Privacy Act and the Delete Act’s data broker registration requirements. The Agency stated that the new unit will expand its review of the data broker industry and support implementation of the Delete Request and Opt-Out Platform, which will allow consumers to submit a single deletion request to all registered data brokers beginning in January 2026.Continue Reading California’s Privacy Protection Agency Creates Data Broker Enforcement Strike Force

On October 30, the California DFPI entered a consent order with a residential mortgage lender and servicer following a regulatory examination and a directed self-audit. The DFPI alleged violations of the California Residential Mortgage Lending Act and California Civil Code provisions governing when per diem interest may begin to accrue.Continue Reading DFPI Orders Mortgage Lender to Pay $100,000 for Alleged Per Diem Interest and Recordkeeping Violations

On October 30, the California DFPI announced a consent order against a Nevada-based crypto kiosk operator for alleged violations of the Digital Financial Assets Law and the California Consumer Financial Protection Law. The action follows a DFPI investigation into widespread noncompliance among crypto ATM operators, which the agency has identified as a growing consumer-protection concern.Continue Reading DFPI Fines Kiosk Operator $675,000 for Alleged Violations of the Digital Financial Assets Law

On October 17, 2025, the California Department of Financial Protection and Innovation (DFPI) entered a consent order with a licensed consumer lender, alleging violations of the Fair Access to Credit Act, which amended the California Financing Law to cap interest rates and fees on consumer loans between $2,500 and $10,000. The DFPI alleged that the lender charged rates and administrative fees above those limits and continued the practice as recently as January 2023.Continue Reading DFPI Orders Lender to Pay $1 Million for Alleged Violations of the Fair Access to Credit Act

On October 3, California Governor Gavin Newsom signed Senate Bill 446, which strengthens California’s existing data-breach disclosure requirements. The law requires businesses and individuals that conduct business in the state to notify affected consumers of a data breach within 30 calendar days of discovering or being notified of the incident. It also shortens the timeline for reporting large-scale breaches to the California Attorney General.Continue Reading California Enacts 30-Day Data Breach Notification Deadline

On October 6, the DFPI issued a Desist and Refrain Order against a digital-asset ATM operator for alleged violations of the California Digital Financial Assets Law (DFAL) and the California Consumer Financial Protection Law (CCFPL). The DFPI alleged that the company, which operates cryptocurrency kiosks throughout Northern California, repeatedly accepted and transmitted cash in excess of statutory transaction limits, charged unlawful fees, and failed to provide required disclosures and receipts to consumers in connection with the purchase and sale of digital assets.Continue Reading DFPI Orders Crypto Kiosk Operator to Cease Operations for Alleged Violations of Digital Financial Assets Law

On June 30, Governor Newsom signed into law AB 130, which includes a new provision to the California Civil Code, Section 2924.13. The new law (previously discussed here) became effective on July 1. The purpose of the law was purportedly to make it more difficult for loan servicers to non-judicially foreclose on so-called “zombie mortgages.” Continue Reading New California Law on Servicing of Second Mortgages Causes Confusion Among Lenders and Servicers

On September 23, 2025, the California Privacy Protection Agency (CPPA) announced that the California Office of Administrative Law approved final regulations under the California Consumer Privacy Act (CCPA). The regulations (previously discussed here) cover cybersecurity audits, risk assessments, automated decision making technology (ADMT), insurance companies, and updates to existing CCPA obligations.Continue Reading California Privacy Regulations on ADMT, Cybersecurity Audits, and Risk Assessments Receive Final Approval

On September 9, the California Privacy Protection Agency (CPPA) and the Attorneys General of California, Colorado, and Connecticut announced a joint enforcement sweep targeting businesses that may be failing to honor consumer opt-out requests under state privacy laws. The joint effort centers on the Global Privacy Control (GPC), a browser setting that automatically signals to companies that a consumer does not want their personal information sold or shared.Continue Reading California, Colorado, and Connecticut Launch Joint Privacy Sweep Over Opt-Out Rights

On August 18, the California Department of Financial Protection and Innovation (DFPI) announced a $2.3 million settlement with a former mortgage lender and servicer for alleged violations of the California Residential Mortgage Lending Act and California Financing Law. According to the DFPI, the company improperly charged thousands of California borrowers per diem interest in excess of what is permitted under state law.Continue Reading DFPI Orders Mortgage Lender to Pay $2.3 Million for Per Diem Interest Overcharges

On June 30, California Governor Newsom has signed AB 130, a budget trailer bill related to housing. This legislation includes new requirements for mortgage servicers of subordinate mortgages, defined in the bill, and took effect immediately. The text of the new statute, which comprises a very small portion of the full bill, may be found (here).Continue Reading California Enacts New Mortgage Servicing and Foreclosure Standards