The California Privacy Protection Agency (CPPA) has released draft regulations for cybersecurity audits, cybersecurity risk assessments, and the use of automated decision-making technology (ADMT). While formal rulemaking has not yet begun and enforcement is likely at least two years off, businesses subject to the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (the CCPA), should start considering now whether and how these regulations may apply to them. Kim Metzger breaks down the proposed regulations and shares what businesses should be doing now to prepare.
1.23.2024