CPPA Starts Rulemaking on Cybersecurity, Risk Assessments, and Automated Decision-making

Mary Costigan, Jason Gavejian, Joseph Lazzarotti, Sean Paisan, Damon Silver, Robert Yang
Jackson Lewis P.C.
Contact
LinkedIn
Facebook
X
Send
Embed

While the California Privacy Protection Agency (CPPA) only recently approved revised amended regulations pertaining to the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), it is already on to its next rulemaking.

On February 10, 2023, the CPPA issued an invitation for preliminary comments on proposed rulemaking pertaining to cybersecurity audits, risk assessments, and automated decision-making. The invitation includes some specific questions the CPPA would like to receive comments on, but comments are not limited to those areas of inquiry.

The comment period will be open until March 27, 2023, and can be submitted:

Electronic: Comments may be submitted electronically to regulations@cppa.ca.gov. Please include “PR 02-2023” in the subject line.

Mail: California Privacy Protection Agency Attn: Kevin Sabo 2101 Arena Blvd Sacramento, CA 95834

The questions posed by the CPPA appear to be attempting to harmonize the efforts of the CPPA with other laws other than the CCPA and CPRA that apply to covered businesses. There are also specific questions regarding the European Data Protection Board’s Guidelines on Data Protection Impact Assessment, as well as Colorado’s Privacy Act, suggesting that the CPPA is looking more widely than mere consistency with California law.

Written by:

Jackson Lewis P.C.
Jackson Lewis P.C.
Contact
more
less

Jackson Lewis P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide