Effective January 1, 2026, California employers with over $25 million in revenue must conduct privacy risk assessments before processing HR Data that presents significant privacy risks. Triggers include handling sensitive information, using automated decision-making technology for major employment decisions, or systematic monitoring to infer characteristics. HR personnel and in-house counsel must participate. Assessments must be documented, updated every three years or after material changes, retained five years, and reported by an executive to the California Privacy Protection Agency starting April 2028.

Read More Here.