CPPA Issues Draft CPRA Regulations on Risk Assessment and Cybersecurity Audit


On August 29, 2023, the California Privacy Protection Agency (“CPPA”) Board issued draft regulations on Risk Assessment and Cybersecurity Audit (the “Draft Regulations”). The CPPA Board will discuss the Draft Regulations during a public meeting on September 8, 2023.

In issuing the Draft Regulations, the CPPA Board makes clear that it has not yet started the formal rulemaking process for cybersecurity audits, risk assessments or automated decision-making technology, and that these Draft Regulations are intended to facilitate Board and public discussion and are subject to further changes. Nevertheless, the Draft Regulations provide insights into the type of requirements companies may be expected to comply with in the future.

Key highlights of the Draft Regulations include:

Draft Risk Assessment Regulations

Draft Cybersecurity Audit Regulations

Notably, the CPPA did not release draft regulations relating to automated decision-making, which is another topic the CPPA intends to regulate alongside risk assessments and cybersecurity audits.

The public meeting, which will feature a discussion of the Draft Regulations, will begin on September 8, 2023 at 9:00 a.m. PDT.


Copyright © 2024, Hunton Andrews Kurth LLP. All Rights Reserved.
National Law Review, Volume XIII, Number 242