Digital Policy Alert logo

United States of America: Opened consultation on CPPA proposed risk assessment regulations

Policy overview

Description

Opened consultation on CPPA proposed risk assessment regulations

On 22 November 2024, the California Privacy Protection Agency (CPPA) opened the public consultation on proposed regulations on California Consumer Privacy Act (CCPA) updates, cybersecurity audits, risk assessments, automated decision-making technology (ADMT), and insurance companies until 14 January 2025. The proposed regulations introduce mandatory risk assessments for data processing activities involving sensitive or large-scale personal information. Businesses will be required to identify and mitigate privacy risks, document safeguards, and ensure the quality of data used in automated decision-making.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
subnational
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2023-08-28
under deliberation

On 28 August 2023, the California Privacy Protection Agency (CPPA) released materials ahead of its …

2024-02-23
under deliberation

On 23 February 2024, the California Privacy Protection Agency (CPPA) published a Revised Draft of t…

2024-11-22
in consultation

On 22 November 2024, the California Privacy Protection Agency (CPPA) opened the public consultation…

2025-01-14
processing consultation

On 14 January 2025, the California Privacy Protection Agency (CPPA) closes the public consultation …

2025-03-28
under deliberation

On 28 March 2025, the California Privacy Protection Agency (CPPA) published updated draft regulatio…

2025-09-23
adopted

On 23 September 2025, the California Office of Administrative Law approved the final regulations un…