California Privacy Protection Agency Advances Rulemaking on AI and Cybersecurity Audits

Jackson Lewis P.C.
Contact

On November 8, 2024, the California Privacy Protection Agency (CPPA) voted to proceed with formal rulemaking regarding artificial intelligence (AI) and cybersecurity audits. This comes on the heels of the California Civil Rights Department moving forward with its own regulations about AI.

The current version of the proposed regulations covers several areas:

  1. Automated Decision-Making Technology (ADMT):

The current draft regulations propose establishing consumers’ rights to access and opt out of businesses’ use of ADMT.

They also require businesses to disclose their use of ADMT and provide meaningful information about the logic involved, as well as the significance and potential consequences of such processing for the consumer.

  1. Cybersecurity Audits:

The draft regulations propose mandating certain businesses to conduct annual cybersecurity audits to ensure compliance with the California Consumer Privacy Act (CCPA) and other relevant regulations. And specify the criteria and standards for these audits, including the scope, methodology, and reporting requirements.

  1. Risk Assessments:

The draft regulations require businesses to perform regular risk assessments to identify and mitigate potential privacy risks associated with their data processing activities.

Under the regulations, businesses would need to document their risk assessment processes and findings, and make these available to the CPPA upon request.

  1. Insurance Regulations:

Clarifies when insurance companies must comply with the CCPA, ensuring that consumer data handled by these entities is adequately protected.

The proposed regulations will enter a 45-day public comment period, during which stakeholders can submit written and oral comments. The CPPA will hold public hearings to gather additional feedback and discuss potential revisions to the proposed rules.

After the public comment period, the CPPA will review all feedback and make necessary adjustments to the regulations. This stage may involve multiple rounds of revisions and additional public consultations.

Once the CPPA finalizes the regulations, they will be submitted to the Office of Administrative Law (OAL) for review and approval. If approved, the regulations are expected to become effective by mid-2025.

Skip to content

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Jackson Lewis P.C.

Written by:

Jackson Lewis P.C.
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Jackson Lewis P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide