United States of America: Published Revised Draft Risk Assessment Regulations
Description
Published Revised Draft Risk Assessment Regulations
On 23 February 2024, the California Privacy Protection Agency (CPPA) published a Revised Draft of the Risk Assessment Regulations. According to the Revised Draft, every business that processes personal information of consumers must conduct a risk assessment before processing said data. Businesses are obligated to conduct a risk assessment when they sell, share, or use automated decisionmaking technology for a significant decision or use personal information for training of their automated decisionmaking technology. The Revised Draft expands on a previous draft version, providing, among other things, more detailed examples. The Revised Draft is intended to inform public and board discussion and is therefore subject to further revision.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
subnational
Government Branch
executive
Government Body
data protection authority
Complete timeline of this policy change
Hide details
2023-08-28
under deliberation
2024-02-23
under deliberation
2024-11-22
in consultation
2025-01-14
processing consultation
2025-03-28
under deliberation
2025-05-09
under deliberation
2025-09-23
adopted
2026-01-01
in force