On August 28, 2023, the California Privacy Protection Agency (the “Agency”) released two sets of draft regulations under the California Consumer Privacy Act (the “CCPA”), one for risk assessments and another for cybersecurity audits, as part of the Agency’s informal rulemaking process. We discuss the draft cybersecurity audits in California Proposes Annual Audits to Assess […]
California Privacy Protection Agency (CPPA)
California Proposes Annual Audits to Assess Sufficiency and Compliance of Company Cybersecurity
In late August 2023, the California Privacy Protection Agency (“CPPA” or “Agency”) released a discussion draft of proposed regulations under California’s data privacy law, the California Consumer Privacy Act (“CCPA”). Importantly, the proposed regulations set forth more detailed obligations for company cybersecurity programs, including routinely assessing and filing audits with the CPPA. Though these draft […]
CPPA Anticipates April Effective Date for CPRA Regulations
The California Privacy Protection Agency (“CPPA”) announced during its Board meeting on December 16, 2022 that the regulations implementing the California Privacy Rights Act (“CPRA”) will not likely go into effect until April 2023. CPPA Executive Direct Ashkan Soltani stated that the CPPA Staff plans to publish the final draft of the CPRA regulations in […]
CPPA Board Opposes American Data Privacy and Protection Act
On July 28, 2022, the California Privacy Protection Agency Board held a special public meeting to discuss state law preemption in the American Data Privacy and Protection Act (ADPPA). ADPPA, as currently drafted, preempts much of the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). The Board moved to […]
CPPA Formal Rulemaking Began on July 8, 2022
On July 8, 2022, the California Privacy Protection Agency (the “CPPA” or “Agency”) began the formal rulemaking process to adopt regulations implementing the amendments to the California Consumer Privacy Act (the “CCPA”) introduced by the California Privacy Rights Act (the “CPRA”). The “Proposed CCPA Regulations” (the “Proposed Regulations” or “Regulations”) were originally released by the […]