California cybersecurity audit rule scope begins taking shape at CPPA meeting
By 
Adrianne Appel2023-09-12T12:41:00
A final version of California’s cybersecurity audit rules likely won’t be released until later next year at the earliest, according to a rough timeline discussed by the state’s privacy rulemaking agency, which debated a preliminary draft of the rules Friday.
The draft cybersecurity rules were approved among sweeping amendments to the state’s 2020 data privacy law under the California Privacy Rights Act. The changes to the California Consumer Privacy Act (CCPA) created the California Privacy Protection Agency (CPPA) to write and enforce the rules.
The five-member CPPA board mainly debated two aspects of the cybersecurity rules Friday: which businesses should be required to conduct annual audits and what should be included in those audits.
Related articles
-
PremiumCPPA preview: Cybersecurity audit regs nearing formal proposal
Companies with business in California could face tough new cybersecurity mandates under draft regulations that could be headed for formal rulemaking as soon as Friday.
-
PremiumAutomated decision-making tech rules added to crowded CPPA agenda
The California Privacy Protection Agency drafted its rules to apply the rights allowed to residents under the California Consumer Privacy Act to automated decision-making technology used by businesses.
-
PremiumModern-day enterprises: How to prepare for and prove network compliance
The need to prove network compliance is intensifying as lawmakers introduce new privacy legislation and organizations update their contractual security requirements for third-party vendors.
More from Regulatory Policy
-
ArticleWhat is AI washing and why companies need to stop exaggerating their AI prowess
The buzz around generative AI has reached fever pitch over the past few years—to such an extent that it’s practically a death knell for any company to say it’s not investing massively in gen AI to transform their business. There’s only one problem: many companies are either being misleading or ...
-
News BriefApple, Google face compliance crossroads as states push digital safeguards
A new law in Texas will go into effect next January that requires Apple and Google to verify the age of their app store users. This marks another piece of legislation from the state level intended to protect children, and the second such law specifically from Texas to limit children’s ...
-
Basic PageConsumer electronic supply chain at risk, FCC says in proposing new rules
Thousands of computers and other consumer electronic devices imported into the U.S. that were certified as safe by foreign laboratories have been identified as having links to the Chinese government or military, Brendan Carr, chair of the Federal Communications Commission, said Thursday in announcing an order to close the security ...