United States of America: Privacy Protection Agency's Risk Assessment Regulations

On 23 September 2025, the California Office of Administrative Law approved the final regulations under the California Consumer Privacy Act (CCPA), including requirements on risk assessments. Businesses subject to the risk assessment obligations must…

On 28 March 2025, the California Privacy Protection Agency (CPPA) published updated draft regulations on risk assessments before its Board meeting. These were based on proposals released for public comment by 14 January 2025. While the draft does no…

On 14 January 2025, the California Privacy Protection Agency (CPPA) closes the public consultation on proposed regulations on California Consumer Privacy Act (CCPA) updates, cybersecurity audits, risk assessments, automated decision-making technolog…

On 22 November 2024, the California Privacy Protection Agency (CPPA) opened the public consultation on proposed regulations on California Consumer Privacy Act (CCPA) updates, cybersecurity audits, risk assessments, automated decision-making technolo…

On 23 February 2024, the California Privacy Protection Agency (CPPA) published a Revised Draft of the Risk Assessment Regulations. According to the Revised Draft, every business that processes personal information of consumers must conduct a risk as…

On 28 August 2023, the California Privacy Protection Agency (CPPA) released materials ahead of its 8 September 2023 board meeting, including draft Risk Assessment Regulations. The CPPA clarified that formal rulemaking processes for cybersecurity aud…