Description

Closed consultation on CPPA proposed regulations on cybersecurity audits

On 14 January 2025, the California Privacy Protection Agency (CPPA) closes the public consultation on proposed regulations on California Consumer Privacy Act (CCPA) updates, cybersecurity audits, risk assessments, automated decision-making technology (ADMT), and insurance companies. The CPPA will assess the comments received to finalise the regulatory text. Businesses meeting defined thresholds will be mandated to conduct annual cybersecurity audits, including evaluations of encryption, multifactor authentication, and vulnerability management protocols.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
subnational
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2023-08-28
under deliberation

On 28 August 2023, the California Privacy Protection Agency (CPPA) released materials ahead of its …

2024-11-22
in consultation

On 22 November 2024, the California Privacy Protection Agency (CPPA) opened the public consultation…

2025-01-14
processing consultation

On 14 January 2025, the California Privacy Protection Agency (CPPA) closes the public consultation …