- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Adrianne Appel2023-09-15T20:11:00
Businesses’ mishandling of consumer personal data has resulted in data breaches and an erosion of individuals’ rights, members of a California agency tasked with writing privacy risk assessment rules said.
The California Privacy Protection Agency (CPPA) met last week to consider its next batch of rulemaking under the California Consumer Privacy Act, which is set to include requirements for businesses handling the personal data of Californians to conduct risk assessments.
Still in draft form, the rules, along with those concerning cybersecurity audits and automated decision-making, are not expected to be finalized for at least a year. The CPPA previously released a batch of rulemaking that had its enforcement delayed until March 2024 following legal challenge.
The draft risk assessment regulations are designed to prohibit businesses from handling consumer data if uncontrolled risks—to the security and privacy of the consumer, the public, or the business—outweigh the benefits. Businesses must conduct risk assessments before collecting any personal data and show how they would mitigate any significant risks.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec.
Register for free
Access one free, non-premium article each month.
Complimentary CPE webcasts, resources, and e-Books.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
Companies with business in California could face tough new cybersecurity mandates under draft regulations that could be headed for formal rulemaking as soon as Friday.
The California Privacy Protection Agency drafted its rules to apply the rights allowed to residents under the California Consumer Privacy Act to automated decision-making technology used by businesses.
In this episode of the Digital Transformation of Compliance podcast series, Pilar Caballero, chief compliance officer and chief privacy officer at Ryder, discusses her company’s process for vetting privacy concerns regarding use of new technologies.
Mobile health applications and similar technology must notify customers following a data breach or risk violating the Federal Trade Commission’s Health Breach Notification Rule, under a broad update approved by the agency.
A commissioner at the Commodity Futures Trading Commission is calling for the agency to launch initiatives addressing the use—and misuse—of artificial intelligence tools in commodities markets.
Tens of millions of noncompete clauses included in employee contracts nationwide will be null and void by about Labor Day under a final rule issued by the Federal Trade Commission.
