United States of America: Opened consultation on California Privacy Protection Agency rulemaking on cybersecurity regulation

On 10 February 2023, the California Privacy Protection Agency (CPPA) opened a public consultation on the proposed Rulemaking on Cybersecurity Audits and Risk Assessments until 27 March. The CPPA welcomes stakeholders' views on the obligation to conduct cybersecurity audits foreseen by the California Consumer Privacy Act of 2018 (CCPA), which will be implemented by the CPPA in accordance with the California Privacy Rights Act of 2020 (CPRA). In particular, the CPPA seeks input on the scope and process of the cybersecurity audits required by other applicable laws, as well as best practices connected to them. Finally, the Agency is concerned with determining how to ensure that these audits will be thorough and independent.