Significant New CCPA Compliance Requirements Likely on the Way

On August 29, 2023, the California Privacy Protection Agency (CPPA) posted discussion drafts of its forthcoming regulations on cybersecurity audits and risk assessments as part of the materials for its September 8, 2023, public board meeting. These draft regulations are expected to eventually become part of the CPPA’s second rulemaking package under the California Consumer Privacy Act (CCPA) since the CCPA’s amendment by the California Privacy Rights Act. The CPPA has not yet started its formal rulemaking process for cybersecurity audits and risk assessments, and it has made clear that these draft regulations are meant to facilitate CPPA Board discussion and public participation. Nevertheless, the obligations set forth in the draft rules are extensive and provide an initial window into the onerous new compliance requirements. Notable requirements put forth for discussion under the draft regulations include:Continue Reading CPPA Posts Draft Rules on Cybersecurity Audits and Risk Assessments