- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Adrianne Appel2024-01-09T20:16:00
Companies with business in California could face tough new cybersecurity mandates under draft regulations that are soon headed for formal rulemaking.
The California Privacy Protection Agency (CPPA) is expected to vote as early as Friday to launch the formal rulemaking process for a series of cybersecurity audit requirements on businesses. Once approved for formal rulemaking, the draft regulations would be open 45 days for public comment before being finalized. Businesses would then have two years to come into compliance with the rules.
Two other packages of draft rules, one on data risk assessments and another on automated decision-making technology, are still being debated by the five-member CPPA, which was tasked with writing and enforcing privacy rules under amendments to the California Consumer Privacy Act passed in 2020.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec. Select an option and click continue.
Annual Membership $499 Value offer
Full price one year membership with auto-renewal.
Membership $599
One-year only, no auto-renewal.
Michael Macko, deputy director of enforcement at the California Privacy Protection Agency, described priorities for the agency now and in the near future during a recent board meeting.
The California Privacy Protection Agency warned businesses to stop asking for excessive information from consumers who have requested to opt out of having their data collected or who are otherwise exercising their privacy rights under the California Consumer Privacy Act.
California Attorney General Rob Bonta announced the launch of an investigative sweep targeting popular streaming apps and devices, alleging noncompliance with the California Consumer Privacy Act.
Any product that uses AI needs to be safety assessed for its entire lifespan under new rules that went into effect recently across the EU. Experts warned companies using AI to tailor products could be classed as “manufacturers” and face the same duty of care as developed.
When lawmakers slam the U.K.’s chief financial regulator as “incompetent,” it not only opens the doors for others to pile criticism on it, but it sparks a debate about how the organization can be improved–or removed.
The U.K. Financial Conduct Authority apologized to investors in peer-to-peer investment firm Collateral for not acting swiftly enough to prevent Collateral from defrauding its customers.
