At its March 8, 2024 meeting, the Board of the California Privacy Protection Agency (“CPPA”) moved, by a 3-2 vote, to advance proposed regulations addressing automated decision-making technology (“ADMT”) and risk assessments for the processing of personal information. Notably, the Board’s vote only allows staff to begin paperwork preliminary to a rulemaking; it did not actually initiate the formal rulemaking process. At the meeting, the CPPA Staff clarified that the Board will need to re-review the draft rules for ADMT, privacy risk assessments, and cyber audits and vote again to initiate the rulemaking process. The CPPA’s General Counsel Philip Laird said he expects the Board will vote to begin the formal rulemaking process for all three topics in July 2024, at the earliest. Once formal rulemaking begins, the Board has one year to finalize the regulations, per California’s Administrative Procedure Act.Continue Reading California Privacy Protection Agency Takes Next Step on New Automated Decision-Making Regulations and Privacy Risk Assessments
Sierra Stubbs
Sierra Stubbs advises clients on a wide range of cybersecurity, data privacy, artificial intelligence, and public policy matters. As part of her data privacy and cybersecurity practice, Sierra helps clients navigate government and internal investigations, cybersecurity incident response, and compliance with U.S. state and federal privacy and cybersecurity laws and standards. As part of her public policy practice, Sierra supports the development of clients’ public policy strategies and initiatives, including those related to intellectual property, innovation, and artificial intelligence.
Prior to joining Covington, Sierra served in the Office of the Chief of Staff to the U.S. Secretary of Commerce, most recently as a Special Advisor.