News & Analysis as of

California Consumer Privacy Act (CCPA) Cybersecurity Audits

The California Consumer Privact Act (CCPA), effective January 1, 2020, enhances privacy rights and consumer protections of California residents. Follow this channel for latest guidance and updates on the CCPA,... more +
The California Consumer Privact Act (CCPA), effective January 1, 2020, enhances privacy rights and consumer protections of California residents. Follow this channel for latest guidance and updates on the CCPA, including implications for business conducting business in California.  less -
Ogletree, Deakins, Nash, Smoak & Stewart,...

California Finalizes Groundbreaking Regulations on AI, Risk Assessments, and Cybersecurity, Part II: What Businesses Need to Know

Ogletree, Deakins, Nash, Smoak & Stewart,... on

In July 2025, the California Privacy Protection Agency (CPPA) Board unanimously approved new regulations pursuant to the California Consumer Privacy Act (CCPA) that specifically address the use of automated decisionmaking...more

Robinson & Cole LLP

Legal Update: New Updates to CCPA Regulations: California’s Focus on ADMT, Cybersecurity Audits, Risk Assessments, and More

Robinson & Cole LLP on

On July 24, 2025, the California Privacy Protection Agency (CPPA) Board unanimously approved amendments to the California Consumer Privacy Act (CCPA). These substantial changes include new compliance obligations for...more

Blank Rome LLP

California Finalizes CCPA Regulations on Cybersecurity Audits, Risk Assessments, and Automated Decisionmaking: Key Provisions and...

Blank Rome LLP on

The California Privacy Protection Agency (“CPPA”) finalized a set of regulations under the California Consumer Privacy Act (“CCPA”) on July 24, 2025, that address cybersecurity audits, risk assessments, and automated...more

Morgan Lewis

CPPA Board Finalizes New Rules on ADMT, Cybersecurity Audits, and Risk Assessments

Morgan Lewis on

The California Privacy Protection Agency (CPPA) board unanimously voted on July 24, 2025 to finalize a package of regulations related to automated decision-making technology (ADMT), cybersecurity audits, and risk assessments....more

Herbert Smith Freehills Kramer

Independent Cybersecurity Audits Will Be Required for ‘Significant Risk’ Under CCPA

Herbert Smith Freehills Kramer on

The California Privacy Protection Agency (CPPA) has unanimously adopted new regulations requiring certain businesses subject to the California Consumer Privacy Act (CCPA) to conduct annual audits of their cybersecurity...more

Orrick, Herrington & Sutcliffe LLP

CPPA releases updated regulations proposed after comment period

Orrick, Herrington & Sutcliffe LLP on

On July 24, the CPPA released updated regulations under the California Consumer Privacy Act, (CCPA) establishing those changes made after the 45-day comment period affecting three main areas of concern: Automated...more

Goodwin

California’s New Privacy and Cybersecurity Regulations on Risk Assessments, Automated Decision making and Cybersecurity Audits:...

Goodwin on

During a Board Meeting on July 24, 2025, the California Privacy Protection Agency (CPPA) unanimously approved the long-awaited final text of its second rulemaking package, implementing a broad swath of new requirements...more

Wilson Sonsini Goodrich & Rosati

CPPA Approves New CCPA Regulations on AI, Cybersecurity, and Risk Governance, and Advances Updated Data Broker Regulations

Wilson Sonsini Goodrich & Rosati on

On July 24, 2025, the California Privacy Protection Agency (CPPA) Board voted to approve a long-awaited rulemaking package imposing substantial new compliance obligations on businesses subject to the California Consumer...more

Wyrick Robbins Yates & Ponton LLP

California’s New CCPA Cybersecurity Audit Regulations: A Roadmap to “Reasonable” Security?

Wyrick Robbins Yates & Ponton LLP on

Last week, the California Privacy Protection Agency (“Agency”) approved adoption of detailed new regulations under the CCPA that will include (among other notable components) a rule requiring annual cybersecurity audits for...more

Shook, Hardy & Bacon L.L.P.

California Adopts Regulations on Cybersecurity Audits

Shook, Hardy & Bacon L.L.P. on

California has approved new regulations requiring some companies to conduct annual audits of their cybersecurity programs, including the policies, procedures, and practices for protecting personal information. On July 24,...more

Foley & Lardner LLP

The Intersection of Agentic AI and Emerging Legal Frameworks

Foley & Lardner LLP on

The evolution of artificial intelligence (AI) has introduced systems capable of making autonomous decisions, known as agentic AI. While generative AI essentially “creates” – providing content such as text, images, etc. –...more

Sheppard Mullin Richter & Hampton LLP

California’s Privacy Regulator Had a Busy November, Cybersecurity Audits and Insurance Edition: What Does It Mean for Businesses?

Sheppard Mullin Richter & Hampton LLP on

In the fourth in our series of new CCPA regulations from California, we look at both cybersecurity audit obligations as well as the impact of the CCPA on the insurance industry. Cybersecurity Audits The proposed rules address...more

Sheppard Mullin Richter & Hampton LLP

California’s Privacy Regulator Had a Busy November: What Does It Mean for Businesses?

Sheppard Mullin Richter & Hampton LLP on

The California Privacy Protection Agency released proposed CCPA rules for a variety of topics in November, as well as announcing an investigative sweep for compliance with the Delete Act. Topics include the following, which...more

Jackson Lewis P.C.

California Privacy Protection Agency Advances Rulemaking on AI and Cybersecurity Audits

Jackson Lewis P.C. on

On November 8, 2024, the California Privacy Protection Agency (CPPA) voted to proceed with formal rulemaking regarding artificial intelligence (AI) and cybersecurity audits. This comes on the heels of the California Civil...more

Paul Hastings LLP

CPPA Declines to Advance New Draft CCPA Regulations

Paul Hastings LLP on

The California Privacy Protection Agency (CPPA) Board met last week to discuss the latest updates on California Consumer Privacy Act (CCPA) draft regulations for cybersecurity audits, risk assessments, automated...more

Jackson Lewis P.C.

Nuanced Privacy Laws Means Healthcare Organizations Should Prioritize Protecting Personal Information

Jackson Lewis P.C. on

The healthcare industry is among the most highly regulated industries when it comes to privacy protections. In addition to the federal Health Insurance Portability and Accountability Act (HIPAA), healthcare providers also...more

Foley & Lardner LLP

California Appellate Court Empowers Privacy Agency to Immediately Enforce CPRA Regulations.

Foley & Lardner LLP on

On February 9, a California appellate court issued a decisive ruling in favor of the California Privacy Protection Agency (the Agency), allowing the state to immediately begin enforcement of its new regulations, effectively...more

Woods Rogers

CPPA’s Regulatory Enforcement Restored: It’s Time to Get Compliant

Woods Rogers on

For businesses subject to California Consumer Privacy Act (CCPA), privacy compliance just became urgent. A California appellate court agreed on February 9, 2024, with the California Privacy Protection Agency (CPPA) that there...more

WilmerHale

2024 Privacy Law Preview

WilmerHale on

As we have detailed previously, 2023 was a landmark year for privacy law, featuring numerous developments at the federal, state and international levels, ranging from newly enacted statutes to massive regulatory enforcement...more

Procopio, Cory, Hargreaves & Savitch LLP

California Advancing Regulations for AI, Other Cybersecurity Issues

Procopio, Cory, Hargreaves & Savitch LLP on

California continues to push beyond other states in developing and implementing privacy and cybersecurity regulations. The latest evidence came from the recent release of draft regulations from the California Privacy...more

Mintz - Privacy & Cybersecurity Viewpoints

Updates to CCPA Proposed Regulations: Cybersecurity Audits

Mintz - Privacy & Cybersecurity Viewpoints on

The California Privacy Protection Agency (“CPPA”) published a revised set of Draft Cybersecurity Audit Regulations ahead of the CPPA Board’s December 8, 2023 meeting. When the CPPA Board met on December 8, several key...more

WilmerHale

CPPA Publishes Additional Proposed Regulations - Including Proposed Revisions to CCPA Regulations - For Discussion at December...

WilmerHale on

In the run-up to this Friday’s December Board meeting, the California Privacy Protection Agency (CPPA or the “Agency”) has continued its recent flurry of regulatory activity. Late last week, the CPPA published an additional...more

WilmerHale

California Privacy Protection Agency Publishes New Draft CPRA Cybersecurity and Automated Decisionmaking Regulations in Advance of...

WilmerHale on

In advance of the California Privacy Protection Agency’s (CPPA) December 8 Board meeting, the Agency has published new draft automated decisionmaking technology (ADMT) regulations, as well as revisions to draft regulations on...more

WilmerHale

California Privacy Protection Agency Publishes Draft Cybersecurity Audit and Risk Assessment Regulations, Discusses at Public...

WilmerHale on

On Friday, September 8, the California Privacy Protection Agency (CPPA) held a public board meeting. The primary topic of discussion at this meeting was the Agency’s draft regulations on cybersecurity audits and risk...more

Jackson Lewis P.C.

CPPA Mulls Draft Cybersecurity Audit Regulations Under CPRA

Jackson Lewis P.C. on

When the California Privacy Rights Act (CPRA) was enacted, it created the California Privacy Protection Agency (CPPA) and delegated to the CPPA significant regulatory authority. One of the areas of that authority is...more

37 Results
 / 
View per page
Page: of 2
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide