United States of America: CPPA Cybersecurity Audit Regulations

Progress

Current status

under deliberation

28 Mar 2025 under deliberation

14 Jan 2025 processing consultation

22 Nov 2024 in consultation

28 Aug 2023 under deliberation

Scope

Implementers

United States of America

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

cross-cutting

Government Branch

executive

Government Body

data protection authority

Implementation Level

subnational

Timeline of events

28 Mar 2025

under deliberation

California Privacy Protection Agency published updated draft amendments to CCPA regulations including proposed regulations on cybersecurity audits

On 28 March 2025, the California Privacy Protection Agency (CPPA) published its revised draft regulations on cybersecurity audits before its Board meeting. This follows a public consultation that closed on 14 January 2025. The updates to the regulat…

Source

Event type order

Action type drafting

Government branch executive

Government body data protection authority

14 Jan 2025

processing consultation

Closed consultation on CPPA proposed regulations on cybersecurity audits

On 14 January 2025, the California Privacy Protection Agency (CPPA) closes the public consultation on proposed regulations on California Consumer Privacy Act (CCPA) updates, cybersecurity audits, risk assessments, automated decision-making technolog…

Source

Event type order

Action type consultation closed

Government branch executive

Government body data protection authority

22 Nov 2024

in consultation

Opened consultation on CPPA proposed regulations on cybersecurity audits

On 22 November 2024, the California Privacy Protection Agency (CPPA) opened the public consultation on proposed regulations on California Consumer Privacy Act (CCPA) updates, cybersecurity audits, risk assessments, automated decision-making technolo…

Source

Event type order

Action type consultation opened

Government branch executive

Government body data protection authority

28 Aug 2023

under deliberation

Published draft Cybersecurity Audit Regulations

On 28 August 2023, the California Privacy Protection Agency (CPPA) released materials ahead of its 8 September 2023 board meeting, including draft Cybersecurity Audit Regulations. The CPPA clarified that formal rulemaking processes for cybersecurity…

Source

Event type order

Action type drafting

Government branch executive

Government body data protection authority

Progress

Scope

Timeline of events

California Privacy Protection Agency published updated draft amendments to CCPA regulations including proposed regulations on cybersecurity audits

Closed consultation on CPPA proposed regulations on cybersecurity audits

Opened consultation on CPPA proposed regulations on cybersecurity audits

Published draft Cybersecurity Audit Regulations

Related changes

United States of America: CPPA Risk Assessment Regulations

United States of America: CPPA order establishing fine thresholds

United States of America: California Privacy Protection Agency rules establishing an accessible deletion mechanism under DELETE Act (SB 362)

United States of America: Bill relating to exemption from obligation to provide certain personal information to authorities under California Privacy Rights Act (AB 1194)

United States of America: California Privacy Protection Agency Rulemaking on Automated Decision Making

United States of America: California Privacy Protection Agency rulemaking on cybersecurity regulation

United States of America: California Consumer Privacy Act Regulations

United States of America: Data protection regime in California Privacy Rights Act of 2020 (Proposition 24)

United States of America: Establishment of the California Privacy Protection Agency in California Privacy Rights Act of 2020 (Proposition 24)

United States of America: California State Attorney Opinion on Consumer Right to Access Inference Data according to CPRA

United States of America: Extension of exemptions in the amendment to the California Privacy Rights Act (AB 2871 and 2891)

United States of America: California: Assembly Bill No. 694 on Privacy and Consumer Protection

United States of America: Rulemaking authority of the California Privacy Protection Agency

United States of America: Interoperability requirements California Privacy Rights Act of 2020 (Proposition 24)

United States of America: System security requirements in California Privacy Rights Act of 2020 (Proposition 24)