United States of America: CPPA Risk Assessment Regulations
Progress
Scope
Timeline of events
California Privacy Protection Agency published updated draft amendments to CCPA regulations including proposed risk assessment regulations
On 28 March 2025, the California Privacy Protection Agency (CPPA) published updated draft regulations on risk assessments before its Board meeting. These were based on proposals released for public comment by 14 January 2025. While the draft does no…
SourceClosed consultation on CPPA proposed risk assessment regulations
On 14 January 2025, the California Privacy Protection Agency (CPPA) closes the public consultation on proposed regulations on California Consumer Privacy Act (CCPA) updates, cybersecurity audits, risk assessments, automated decision-making technolog…
SourceOpened consultation on CPPA proposed risk assessment regulations
On 22 November 2024, the California Privacy Protection Agency (CPPA) opened the public consultation on proposed regulations on California Consumer Privacy Act (CCPA) updates, cybersecurity audits, risk assessments, automated decision-making technolo…
SourcePublished Revised Draft Risk Assessment Regulations
On 23 February 2024, the California Privacy Protection Agency (CPPA) published a Revised Draft of the Risk Assessment Regulations. According to the Revised Draft, every business that processes personal information of consumers must conduct a risk as…
SourcePublished draft Risk Assessment Regulations
On 28 August 2023, the California Privacy Protection Agency (CPPA) released materials ahead of its 8 September 2023 board meeting, including draft Risk Assessment Regulations. The CPPA clarified that formal rulemaking processes for cybersecurity aud…
Source