CPPA seeking comment on cybersecurity audit, risk assessment rule adds
By 
Adrianne Appel2023-02-13T19:00:00
The California Privacy Protection Agency (CPPA) is seeking comment on privacy rules requiring certain large businesses to conduct annual cybersecurity audits and risk assessments if the state believes they are placing consumer data at risk.
The California Privacy Rights Act (CPRA) mandated the agency write cybersecurity audit and risk assessment rules for businesses whose processing of consumer personal data presents “significant risk to consumers’ privacy or security,” according to the CPPA’s request for comments published Friday.
The agency also will write rules concerning use of automated decision-making technology by businesses regarding consumers’ opt-out rights and their access to data.
Related articles
-
PremiumCPPA eyeing broad scope in early discussions around data risk assessments
Draft risk assessment regulations under the California Consumer Privacy Act are designed to prohibit businesses from handling consumer data if uncontrolled risks—to the security and privacy of the consumer, the public, or the business—outweigh the benefits.
-
News BriefLatest CCPA sweep targets employee, applicant info protections
The California Office of the Attorney General has turned its attention to the practices of large companies regarding the protection of the personal information of employees and job applicants as part of its latest investigative sweep under the California Consumer Privacy Act.
-
OpinionLegacy of CCPA: A blueprint for prioritizing compliance
Three years in, the promise of the California Consumer Privacy Act as a means of handing down eye-watering penalties against companies for data protection violations remains unfulfilled. And yet, the expanding U.S. data privacy legislation landscape is better for this.
More from Regulatory Policy
-
News BriefEuropean Commission unveils a simpler, more competitive EU Single Market, but businesses remain skeptical
The EU’s new strategy aims to boost SME growth and cut market barriers, but businesses doubt reforms will happen, and consumer groups fear weaker data protections.
-
News BriefFHFA chief orders Fannie and Freddie to consider crypto assets in mortgage assessments
In another sign of President Donald Trump’s focus on cryptocurrency, the head of the U.S. Federal Housing Finance Agency (FHFA) ordered Fannie Mae and Freddie Mac to create proposals to consider crypto assets for a single-family home mortgage.
-
ArticleEU, UK agree to reset rules on agrifoods, mergers and carbon trading as part of post-Brexit reset
Four years after Brexit, the U.K. and EU announced a “reset” that will ease barriers to importing and exporting food, drink, and agricultural produce. It may also harmonize rules around carbon emissions trading systems, simplifying compliance for multinational organizations that are large emitters, and enable more young people to gain ...