June 10, 2026

The Hedge | Brutal Honesty Over Hype Since 2008

The CC&Rs — Covenants, Conditions, and Restrictions — are the foundational governing document of your HOA community. They run with the land, bind all current and future owners, and establish the basic rules of the community. When the board wants to change them, California law requires member approval through a supermajority vote — a protection that exists specifically to prevent boards from unilaterally changing the rules homeowners relied upon when they bought.

The Vote Requirement for CC&R Amendments

California Civil Code Section 4270 requires that CC&R amendments be approved by a specified percentage of association members — typically a majority or supermajority as defined in the existing CC&Rs, but not less than a majority of members who vote (with a quorum requirement). Many CC&Rs require approval by two-thirds of all members or two-thirds of a quorum. A CC&R amendment purportedly adopted without the required member vote is void and unenforceable.

What Boards Can Change Without a Vote

Rules and regulations — distinct from the CC&Rs — can typically be adopted and changed by the board alone through a properly noticed open board meeting. Rules govern day-to-day matters like parking, pool hours, noise restrictions, and pet policies. CC&Rs govern more fundamental matters like architectural standards, use restrictions, assessment authority, and member rights. The distinction between a rule and a CC&R provision matters because the amendment procedures differ significantly. If a board is trying to change something fundamental through a “rule” amendment rather than a CC&R amendment, they may be avoiding the required member vote.

Organizing Opposition to Bad Amendments

When a board proposes a CC&R amendment you oppose, the response is organized member outreach. Communicate with your neighbors, explain your concerns, and coordinate voting against the amendment. California law gives members the right to submit written ballot arguments to accompany the ballots sent to members. Use this right to make the case against the proposed amendment. A well-organized opposition to a problematic amendment can and does succeed — the supermajority requirement creates a meaningful bar that requires genuine community support to clear.

The Hedge has been cutting through financial and business noise since 2008. Brutal honesty over hype — always.

The Hedge | Brutal Honesty Over Hype Since 2008

California’s consumer privacy law — the California Consumer Privacy Act (CCPA) as amended and expanded by the California Privacy Rights Act (CPRA) — is one of the most comprehensive state privacy laws in the country. Understanding which businesses it applies to, what it requires, and what the enforcement landscape looks like in 2026 is essential for any California business with a website or customer database.

Who Is Covered

The CCPA/CPRA applies to for-profit businesses that do business in California and meet at least one of three thresholds: annual gross revenue exceeding $25 million; buy, sell, or share personal information of 100,000 or more consumers or households annually; or derive 50% or more of annual revenue from selling consumers’ personal information. For most small businesses — those with revenue well under $25 million and fewer than 100,000 customer records — CCPA/CPRA coverage is not triggered. But for growing businesses approaching these thresholds, compliance planning should start well before the threshold is crossed.

What Covered Businesses Must Do

For businesses within CCPA/CPRA’s scope, the requirements are substantial: provide a privacy notice at the point of data collection; honor consumer rights to know what data is collected, request deletion, and opt out of sale or sharing; implement data security appropriate to the sensitivity of the information collected; and maintain a “Do Not Sell or Share My Personal Information” link on any website that sells or shares data. The CPRA’s amendments added a new category for “sensitive personal information” with heightened protections and consumer opt-out rights.

The Enforcement Landscape

The California Privacy Protection Agency (CPPA), established by CPRA, has issued its first enforcement actions and is building a track record. Fines for intentional violations can reach $7,500 per violation — per consumer affected. For a business that processes 10,000 consumer records with a systemic violation, the theoretical maximum penalty is $75 million. In practice, first-time violators who remediate promptly receive significantly reduced penalties. The enforcement risk is real for businesses within CCPA’s scope; for businesses below the thresholds, the immediate risk is minimal but worth monitoring as the business grows.

The Hedge has been cutting through financial and business noise since 2008. Brutal honesty over hype — always.