Start Free Trial
Home/Regulations/CCPA / CPRA and State Privacy Laws (Financial Services) — Regulatory Reference
Regulatory Reference
Financial Services State high

CCPA / CPRA and State Privacy Laws (Financial Services) — Regulatory Reference

Consumer data rights (access, deletion, opt-out) — enforced at the retrieval layer before data enters agent context.

Key Provisions
  • Consumer rights to know, delete, correct, and opt-out of sale or sharing
  • Sensitive personal information category (CPRA expansion)
  • Automated Decision-Making Technology (ADMT) rulemaking — pre-use notice and opt-out
  • Comparable state laws: Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA
How AutoPIL Enforces It
  • Purpose limitation enforced at retrieval — AI agents only see data permitted for the declared purpose
  • Opt-out signals propagate to AutoPIL policy and block matching retrievals
  • Audit chain documents which agent accessed which consumer's data, supporting Right-to-Know responses
Policy EngineSensitivity LabelsAudit LogCatalogAgent Registry
AutoPIL Policy IDs
FS-CCPA-RTK-001Right to Know — Agent Access Recall
FS-CCPA-OPT-001Opt-Out Propagation to AI Agents
Official Sources
https://oag.ca.gov/privacy/ccpahttps://cppa.ca.gov/regulations/

This page is a working reference and not a substitute for qualified legal review. Verify against official sources before use in compliance artifacts.

AutoPIL Governance Platform

Enforce this regulation today

AutoPIL intercepts every AI agent data access call, enforces your policy, and writes a tamper-evident audit record — before sensitive data enters the agent context window.

Start Free Trial View All Industries