Compliance Program Charter - California

COMPLIANCE PROGRAM CHARTER — CALIFORNIA SUPPLEMENT

Company: [________________________________]
Effective Date: [__/__/____]
Approved by: [________________________________]
Version: [____]


TABLE OF CONTENTS

  1. Purpose and Authorization
  2. California Regulatory Landscape
  3. Scope — California-Specific Compliance Domains
  4. Governance Enhancements
  5. Core Program Elements — California Focus
  6. California Regulatory Change Management
  7. California-Specific Reporting and Metrics
  8. Resources
  9. Review and Approval
  10. Annexes

1. PURPOSE AND AUTHORIZATION

This supplement to the Universal Compliance Program Charter addresses California-specific regulatory requirements. California maintains one of the most comprehensive and actively enforced regulatory regimes in the United States, including the CCPA/CPRA (the nation's strongest comprehensive privacy law), FEHA (broader employment protections than federal law), the Unfair Competition Law (UCL), and the Consumer Legal Remedies Act (CLRA). The California Privacy Protection Agency (CPPA) has rulemaking authority and enforcement powers under the CPRA.


2. CALIFORNIA REGULATORY LANDSCAPE

| Domain | Key California Statutes/Regulations | Regulator |
|---|---|---|
| Privacy & Data Security | CCPA/CPRA (Cal. Civ. Code § 1798.100 et seq.); CPPA Regulations (11 CCR § 7050 et seq.); ADMT regulations (11 CCR § 7030 et seq.); Breach notification (§ 1798.82); CalOPPA (Bus. & Prof. Code § 22575) | CPPA; CA AG |
| Consumer Protection | UCL (Bus. & Prof. Code § 17200); CLRA (Civ. Code § 1750 et seq.); False Advertising Law (Bus. & Prof. Code § 17500) | CA AG; private plaintiffs |
| Employment | FEHA (Gov. Code § 12940 et seq.); Cal. Lab. Code (wage/hour, meal/rest, paid leave); SB 1162 (pay transparency); Whistleblower (Lab. Code § 1102.5) | DFEH/CRD; Labor Commissioner |
| Environmental | CEQA; Proposition 65 (Safe Drinking Water and Toxic Enforcement) | DTSC; OEHHA |
| Corporate Governance | Cal. Corp. Code; SB 826/AB 979 (board diversity, if applicable) | CA SOS |
| AI/Technology | ADMT regulations (CPPA); SB 1047 considerations; Automated Employment Decision Tools | CPPA; CA AG |

3. SCOPE — CALIFORNIA-SPECIFIC COMPLIANCE DOMAINS

In addition to the universal compliance domains, the following California-specific areas require dedicated program attention:

3.1 Privacy and Data Security

☐ CCPA/CPRA compliance: privacy notices, consumer rights (Know, Delete, Correct, Portability, Opt-Out of Sale/Sharing, Limit Sensitive PI), service provider/contractor agreements, GPC recognition
☐ CPPA regulations implementation: automated decision-making technology (ADMT) transparency, risk assessments, cybersecurity audits (when finalized)
☐ California breach notification (Cal. Civ. Code § 1798.82): expedient notification; AG notice for >500 CA residents

3.2 Consumer Protection

☐ UCL (§ 17200): unfair, unlawful, or fraudulent business acts — review marketing, pricing, disclosures
☐ CLRA (Civ. Code § 1750): consumer goods/services representations — review advertising and sales practices
☐ False Advertising Law (§ 17500): truthfulness of advertising claims

3.3 Employment

☐ FEHA (Gov. Code § 12940): harassment, discrimination, retaliation protections broader than federal Title VII (includes all employers with 5+ employees)
☐ Wage/hour: California-specific meal/rest period requirements, overtime, paid sick leave, pay transparency (SB 1162)
☐ Whistleblower protections (Lab. Code § 1102.5): protections against retaliation for reporting violations of law
☐ Mandatory sexual harassment prevention training (Gov. Code § 12950.1)

3.4 AI and Technology

☐ ADMT regulations (11 CCR § 7030): transparency, access, and opt-out for significant automated decisions
☐ Monitor evolving California AI legislation and CPPA rulemaking


4. GOVERNANCE ENHANCEMENTS

4.1 California Compliance Oversight

| Role | California Responsibilities |
|---|---|
| CCO | Oversee CA regulatory compliance across all domains; CPPA/AG relationship management |
| Chief Privacy Officer | CCPA/CPRA compliance; CPPA regulatory engagement; risk assessment program |
| Employment Counsel | FEHA compliance; wage/hour; harassment prevention; pay transparency |
| Consumer Protection Counsel | UCL/CLRA review of marketing, advertising, and sales practices |
| Board/Committee | Receive CA-specific compliance reports; approve CA privacy program resources |

4.2 CPPA Regulatory Engagement

☐ Designate point of contact for CPPA inquiries and investigations
☐ Monitor CPPA rulemaking proceedings and public comment periods
☐ Track CPPA enforcement actions and apply lessons learned
☐ Maintain records to support CPPA audit/investigation response


5. CORE PROGRAM ELEMENTS — CALIFORNIA FOCUS

5.1 Risk Assessment — CA Additions

| Risk Area | Assessment Focus | Frequency |
|---|---|---|
| CCPA/CPRA compliance | Privacy notices, rights handling, vendor agreements, sensitive PI, ADMT | Annual |
| UCL/CLRA exposure | Marketing claims, pricing practices, disclosure adequacy | Annual |
| FEHA/employment | Harassment prevention, discrimination, pay equity, wage/hour | Annual |
| Breach readiness | CA breach notification procedures and AG notification | Annual |
| AI/ADMT | Automated decision-making systems, bias, transparency | Annual |

5.2 Policies — CA-Specific

☐ California Privacy Notice (CPRA-compliant)
☐ Service Provider/Contractor Agreement template (CPRA-compliant)
☐ Consumer Rights Request procedures
☐ California breach notification procedures
☐ FEHA anti-harassment/anti-discrimination policy (CA-specific provisions)
☐ California wage/hour compliance guide
☐ Whistleblower protection policy (Lab. Code § 1102.5)
☐ ADMT transparency policy (when applicable)

5.3 Training — CA-Specific

| Training | Audience | Frequency | Requirement |
|---|---|---|---|
| CCPA/CPRA awareness | All CA employees, privacy team | Annual | Best practice |
| Sexual harassment prevention | Supervisors (2 hrs); non-supervisors (1 hr) | Biennial | Gov. Code § 12950.1 |
| FEHA discrimination/retaliation | All CA employees | Annual | Best practice |
| Consumer protection (UCL/CLRA) | Marketing, sales, product | Annual | Best practice |
| Whistleblower protections | All employees | Annual | Lab. Code § 1102.5 |

5.4 Monitoring and Testing — CA Additions

☐ CCPA/CPRA consumer rights request handling — sample testing of response times and accuracy
☐ GPC signal recognition verification
☐ Service provider/contractor agreement audit for CPRA compliance
☐ Marketing review for UCL/CLRA compliance
☐ FEHA training completion tracking
☐ Pay equity analysis (SB 1162)
☐ Breach notification tabletop exercise

5.5 Third-Party Risk — CA Additions

☐ CPRA service provider/contractor classification for all CA-data vendors
☐ GPC/opt-out signal compliance verification
☐ Subcontractor flow-down verification
☐ Audit rights exercise per CPRA § 1798.100(d)(1)


6. CALIFORNIA REGULATORY CHANGE MANAGEMENT

| Source | Monitoring Approach |
|---|---|
| CPPA rulemaking | Track CPPA website, register for notices, monitor public comment periods |
| California Legislature | Monitor proposed legislation through bill tracking service |
| CA AG enforcement | Review AG enforcement announcements and settlements |
| DFEH/CRD guidance | Monitor guidance documents and FAQs |
| Court decisions | Track significant CA privacy, consumer protection, and employment decisions |

7. CALIFORNIA-SPECIFIC REPORTING AND METRICS

| Metric | Target | Frequency |
|---|---|---|
| CCPA consumer rights requests: response within 45 days | 100% | Quarterly |
| GPC signal compliance | Verified | Annual |
| CPRA SP/contractor agreements current | 100% | Quarterly |
| FEHA harassment training completion | 100% of required | Biennial |
| Pay transparency compliance | 100% | Annual |
| CA breach notification tabletop | Completed | Annual |
| UCL/CLRA marketing review | All material campaigns reviewed | Ongoing |

Report California-specific metrics to [Board/Committee] quarterly.


8. RESOURCES

Ensure adequate resources for California-specific compliance, including:

☐ Privacy team staffing for CCPA/CPRA program
☐ Employment counsel for FEHA/wage-hour
☐ Consumer protection review resources
☐ External CA regulatory counsel
☐ Training platform supporting CA-specific content


9. REVIEW AND APPROVAL

Review this supplement annually or upon material California regulatory change. Approval recorded in Board/Committee minutes.


10. ANNEXES

Annex A: California Regulatory Calendar

| Date/Period | Event/Deadline | Responsible |
|---|---|---|
| Ongoing | CCPA/CPRA consumer rights request response (45 days) | Privacy |
| Ongoing | GPC signal compliance verification | Privacy / Engineering |
| Biennial | FEHA harassment training completion (Gov. Code § 12950.1) | HR |
| Annual | CCPA/CPRA privacy notice review and update | Privacy |
| Annual | Pay data reporting to CRD (SB 1162) | HR |
| Annual | Service provider/contractor agreement audit | Privacy / Legal |
| Annual | ADMT compliance review (if applicable) | Privacy |
| Annual | Breach notification tabletop exercise | Security |
| Ongoing | CPPA rulemaking monitoring | Compliance / Legal |
| Ongoing | CA AG enforcement action monitoring | Compliance |

Annex B: CCPA/CPRA Compliance Program Checklist

☐ Privacy notice published and current (Cal. Civ. Code § 1798.100(a))
☐ Consumer rights request intake mechanisms operational (online, toll-free, email)
☐ Processes verified for all CPRA consumer rights:

  • Right to Know / Access (§ 1798.100)
  • Right to Delete (§ 1798.105)
  • Right to Correct (§ 1798.106)
  • Right to Portability (§ 1798.100(d))
  • Right to Opt-Out of Sale/Sharing (§ 1798.120)
  • Right to Limit Use of Sensitive PI (§ 1798.121)
  • Right to Non-Discrimination (§ 1798.125)

☐ Response timeline: 45 days (extendable by 45 days per 11 CCR § 7024)
☐ GPC / universal opt-out signal recognized (§ 1798.135; 11 CCR § 7025)
☐ "Do Not Sell or Share" link in website footer (§ 1798.135(a))
☐ "Limit the Use of My Sensitive PI" link (if sensitive PI processed) (§ 1798.135(a))
☐ Service provider agreements with CPRA-compliant terms (§ 1798.100(d))
☐ Contractor agreements with certification and audit terms (§ 1798.140(j))
☐ Subcontractor flow-down verified (§ 1798.100(d)(5))
☐ Data inventory/mapping current
☐ Retention schedules limited to what is reasonably necessary (§ 1798.100(a)(3))
☐ Risk assessments for significant processing (§ 1798.185(a)(15))
☐ ADMT transparency and opt-out (11 CCR § 7030, if applicable)

Annex C: FEHA Employment Compliance Checklist

☐ Anti-harassment policy adopted (compliant with Gov. Code § 12950)
☐ Complaint procedures clearly communicated to all employees
☐ Sexual harassment prevention training completed:

  • Supervisors: 2 hours (Gov. Code § 12950.1(a))
  • Non-supervisory employees: 1 hour (Gov. Code § 12950.1(b))

☐ Training records maintained
☐ Accommodation interactive process documented
☐ Pay equity analysis conducted (Lab. Code § 1197.5; SB 1162)
☐ Pay ranges disclosed in job postings (Lab. Code § 432.3)
☐ Pregnancy/lactation accommodations policy in place
☐ Leave policies comply with CFRA, PDL, and other CA leave laws

SOURCES AND REFERENCES

  • CCPA/CPRA, Cal. Civ. Code § 1798.100 et seq.
  • CPPA Regulations, 11 CCR § 7050 et seq.
  • Cal. Civ. Code § 1798.82 (Breach Notification)
  • Cal. Bus. & Prof. Code § 17200 (Unfair Competition Law)
  • Cal. Civ. Code § 1750 (Consumer Legal Remedies Act)
  • Cal. Gov. Code § 12940 (FEHA)
  • Cal. Gov. Code § 12950.1 (Harassment Training)
  • Cal. Lab. Code § 1102.5 (Whistleblower Protections)
  • DOJ Evaluation of Corporate Compliance Programs (2023)
  • U.S. Sentencing Guidelines § 8B2.1

This template is provided for informational purposes only and does not constitute legal advice. Consult qualified legal counsel before use.

About This Template

Compliance documents are what regulated businesses use to prove they follow the rules that apply to their industry, whether that is privacy, anti-money-laundering, consumer protection, or sector-specific requirements. Regulators look for consistent policies, up-to-date records, and clear evidence of employee training. The cost of getting compliance paperwork right is almost always smaller than the cost of an enforcement action, fine, or public disclosure.

Important Notice

This template is provided for informational purposes. It is not legal advice. We recommend having an attorney review any legal document before signing, especially for high-value or complex matters.

Last updated: April 2026