CCPA

Ahead of its December 8 board meeting, the California Privacy Protection Agency (CPPA) has issued draft risk assessment regulations.  The CPPA has yet to initiate the formal rulemaking process and has stated that it expects to begin formal rulemaking next year, at which time it will also consider draft regulations covering “automated decisionmaking technology” (ADMT), cybersecurity audits, and revisions to existing regulations.  Accordingly, the draft risk assessment regulations are subject to change.  Below are the key takeaways:

Continue Reading CPPA Releases Draft Risk Assessment Regulations

Ahead of its December 8 board meeting, the California Privacy Protection Agency (CPPA) has issued draft “automated decisionmaking technology” (ADMT) regulations.  The CPPA has yet to initiate the formal rulemaking process and has stated that it expects to begin formal rulemaking next year.  Accordingly, the draft ADMT regulations are subject to change.  Below are the key takeaways:

Continue Reading CPPA Releases Draft Automated Decisionmaking Technology Regulations

Ahead of its September 8 board meeting, the California Privacy Protection Agency (CPPA) has issued draft regulations on cybersecurity audits and risk assessments.  Public comments will be requested once the formal rulemaking process is kicked off.  Accordingly, the draft regulations are subject to change.  Below are the key takeaways:

Cybersecurity Audits

  • New cybersecurity audit

On April 11, the Indiana legislature passed comprehensive state privacy legislation in the form of S.B. 5. S.B. 5 shares similarities with the state privacy laws in Virginia, Connecticut, Colorado, Utah, and most recently Iowa.  If signed into law, S.B. 5 would take effect on January 1, 2026.  This blog post summarizes the statute’s key takeaways.

Continue Reading Indiana Passes Comprehensive Privacy Statute

The California Privacy Protection Agency (“CPPA”) announced it will hold a special meeting on July 28, 2022 at 9 a.m. PST to discuss and potentially act on proposed federal privacy legislation, including the bipartisan American Data Protection and Privacy Act (“ADPPA”) (H.R. 8152).  The ADPPA is a comprehensive data privacy bill that advanced through

During its June 8, 2022 board meeting, the California Privacy Protection Agency (CPPA) voted to initiate the formal California Privacy Rights Act (CPRA) rulemaking process.  The draft rules are expected to be very similar to those previously published in advance of the Board meeting, although Deputy Attorney General Lisa Kim noted during the meeting that minor errors may be updated prior to the formal submission of the draft rules.  The current draft rules and Initial Statement of Reasons (ISOR) continue to be accessible on the CPPA website.

Continue Reading California Privacy Protection Agency Votes To Initiate Formal Rulemaking Process

In advance of the June 8, 2022 board meeting, the California Privacy Protection Agency (CPPA) staff has posted draft rules implementing the California Privacy Rights Act (CPRA).  The draft regulations keep much of the pre-existing California Consumer Privacy Act (CCPA) regulations intact, but modify certain provisions and propose new regulations.  A copy of the proposed

The California Privacy Protection Agency (“CPPA”) held two informational hearings on March 29, 2022 and March 30, 2022, in anticipation of its upcoming rulemaking later this year.  While the CPPA Board was present throughout the hearings, its members did not present any views as part of the program.  The speakers covered the following topics of note:
Continue Reading California Privacy Protection Agency Holds Informational Hearings