High urgency

What Do Employers Need To Know About Risk Assessments Under The California Consumer Privacy Act? (Video) - Mondaq

Detected July 6, 2026 · in US State Data-Privacy Laws

California employers must now conduct risk assessments for automated decision-making technology (ADMT) and other high-risk data practices under the CCPA/CPRA, as clarified by a new video from Mondaq.

Aforeworn detected this change in the US State Data-Privacy Laws space on July 6, 2026 and published this briefing so affected operators are forewarned rather than caught off guard. It is rated High urgency. California employers using ADMT (e.g., hiring algorithms, performance monitoring) or processing sensitive personal information should confirm how it applies to their specific situation before acting. There is a time constraint attached: Risk assessments must be completed before the new data practice begins; ongoing assessments are required for existing practices. No specific grace period—enforcement is active.. Acting after that point can mean penalties, a lapsed licence, or lost eligibility — exactly the kind of surprise Aforeworn exists to prevent. Aforeworn monitors US State Data-Privacy Laws continuously and turns every detected change into a plain-English briefing like this one, so you always know first. Forewarned is forearmed.

What changed

The CPRA's risk assessment requirements now explicitly apply to employers, requiring them to evaluate and document the risks of ADMT and other high-risk data practices before implementation.

Who it affects

California employers using ADMT (e.g., hiring algorithms, performance monitoring) or processing sensitive personal information

What you must do

Conduct a risk assessment for any ADMT or high-risk data processing activity, including documenting the purpose, benefits, risks, and mitigation measures.

Deadline

Risk assessments must be completed before the new data practice begins; ongoing assessments are required for existing practices. No specific grace period—enforcement is active.

Source: https://news.google.com/rss/articles/CBMiigJBVV95cUxNM2hBb3owcHRXM3VPUFAtc0dzNjdvbmRTMGZMYm9rODJTaTBqbm91bkp6YXJQa1Jjc1hfLU5nLTJUbXBWdzRpZW5BU1htVHFVRTI1bVBTblIySm9hdEZnX0t1Z0xrMFRzaGpHbjhWUWk0UTY1QmJtVE5YLXd5bVFhdFNNUXp5dW9rVnVEZGFiZ0phTTlYVWFoNmJQTEwwQ3I1bDZWZ3RnbmRoNVkzalZjRjhwMEljMFlfT3JuVEREV3ZwUElXNXVpNGRoNVdyVHVzVmRmOGJpemUxMHFnZklTejFVVkxiX2trU3h6QmR2VllkVG91UHFRQ1BqRDhaTmRZY0NQSVJYa0ZSQQ?oc=5

Never miss a change like this again

Aforeworn watches US State Data-Privacy Laws around the clock and alerts you the moment a rule moves — with a plain-English brief on what to do.

Start your free trial

Related changes in US State Data-Privacy Laws