CPPA Issues Invitation for Preliminary Comments on Cybersecurity Audits, Risk Assessments, and Automated Decision making (2/10/2023)

UK Version of GDPR

Today, the California Privacy Protection Agency (CPPA) issued an Invitation for Preliminary Comments on Proposed Rulemaking on the following topics: Cybersecurity Audits, Risk Assessments, and Automated Decision making. The invitation follows the CPPA Board’s vote on February 3, 2023, to invite pre-rulemaking comments from the public on these topics.

In November 2020, California voters approved Proposition 24, the California Privacy Rights Act of 2020 (CPRA). The CPRA added new privacy protections to the California Consumer Privacy Act (CCPA), and established a new agency, the CPPA, to implement and enforce the law.

The CPRA amendments to the CCPA direct the Agency to issue regulations requiring businesses whose processing of consumers’ personal information presents a significant risk to consumers’ privacy or security to (1) perform a cybersecurity audit on an annual basis, and (2) submit to the CPPA regularly a risk assessment concerning their processing of personal information. In addition, the CPRA amendments direct the Agency to issue regulations governing access and opt-out rights for businesses’ use of automated decision-making technology.

The Agency invites interested parties to submit pre-rulemaking comments on Cybersecurity Audits, Risk Assessments, and Automated Decision making by 5:00 p.m. PT on Monday, March 27, 2023.

Source; https://cppa.ca.gov/announcements/

Picture of Dposphere

Dposphere

Recent Post

A new regulation adopted on Thursday, February 29th, allows EU citizens to identify and authenticate themselves

Privacy is getting more and more critical in the modern world. Even giant enterprises face challenges

The UK Competition and Markets Authority’s (CMA) latest report on Google’s Privacy Sandbox raises concerns about