Skip to main content
Skip to navigation

Regulatory Policy

CPPA preview: Cybersecurity audit regs nearing formal proposal

By Adrianne Appel2024-01-09T20:16:00

Companies with business in California could face tough new cybersecurity mandates under draft regulations that are soon headed for formal rulemaking.

The California Privacy Protection Agency (CPPA) is expected to vote as early as Friday to launch the formal rulemaking process for a series of cybersecurity audit requirements on businesses. Once approved for formal rulemaking, the draft regulations would be open 45 days for public comment before being finalized. Businesses would then have two years to come into compliance with the rules.

Two other packages of draft rules, one on data risk assessments and another on automated decision-making technology, are still being debated by the five-member CPPA, which was tasked with writing and enforcing privacy rules under amendments to the California Consumer Privacy Act passed in 2020.

THIS IS MEMBERS-ONLY CONTENT

cw-membership

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

Related articles

Premium
What’s on tap for CPPA from its deputy director of enforcement

2024-07-26T12:54:00Z By Adrianne Appel

Michael Macko, deputy director of enforcement at the California Privacy Protection Agency, described priorities for the agency now and in the near future during a recent board meeting.
News Brief
CPPA warns of collecting too much data in first enforcement advisory

2024-04-05T19:40:00Z By Adrianne Appel

The California Privacy Protection Agency warned businesses to stop asking for excessive information from consumers who have requested to opt out of having their data collected or who are otherwise exercising their privacy rights under the California Consumer Privacy Act.
News Brief
Calif. AG launches sweep into streaming apps’ compliance with CCPA

2024-01-29T18:04:00Z By Jeff Dale

California Attorney General Rob Bonta announced the launch of an investigative sweep targeting popular streaming apps and devices, alleging noncompliance with the California Consumer Privacy Act.

More from Regulatory Policy

Article
Compliance told to focus on reality as Euro courts brace for slew of greenwashing cases

2025-12-30T07:00:00Z By Ruth Prickett

In 2025, the regulatory focus on greenwashing intensified globally. This trend is set to accelerate in 2026, and compliance has a key part to play in ensuring corporate statements are honest.
Article
SFO guidance on evaluating compliance programs short on specifics, experts say

2025-12-30T07:00:00Z By Neil Hodge

Companies looking for greater certainty about how they might avoid criminal prosecution for bribery, fraud, and corruption offences may find they’re going to be disappointed if they’re looking for definitive answers in the latest guidance from the U.K.’s main fraud investigator, say experts.
Article
EU loosens AI and data rules

2025-12-24T18:45:00Z By Neil Hodge

Europe has been at the forefront of designing strong—but flexible—rules around data use and the safe development of AI, but the EU recently announced plans to simplify some key measures around data privacy and AI governance, which have met with mixed responses.