United States of America: Opened consultation on CPPA proposed regulations on cybersecurity audits
Description
Opened consultation on CPPA proposed regulations on cybersecurity audits
On 22 November 2024, the California Privacy Protection Agency (CPPA) opened the public consultation on proposed regulations on California Consumer Privacy Act (CCPA) updates, cybersecurity audits, risk assessments, automated decision-making technology (ADMT), and insurance companies until 14 January 2025. Businesses meeting defined thresholds will be mandated to conduct annual cybersecurity audits, including evaluations of encryption, multifactor authentication, and vulnerability management protocols.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
subnational
Government Branch
executive
Government Body
data protection authority
Complete timeline of this policy change
Hide details
2023-08-28
under deliberation
2024-11-22
in consultation
2025-01-14
processing consultation