The California Privacy Protection Agency (“CPPA”) issued and discussed draft regulations on Cybersecurity Audits and Risk Assessments late in the summer. The CPPA Board plans to discuss the draft regulations at its upcoming December 8th public meeting, along with a presentation on the regulations.
While the regulations are certainly subject to change moving forward, including in response to public comment, privacy, risk and security practitioners should consider how certain draft provisions may impact business operations as the CPPA moves closer to a final text.