CCPA/CPRA Update and New Cybersecurity/Risk Assessment Requirements

Description:The California Privacy Protection Agency (CPPA), just finished its September 8th board meeting, where it walked through its draft of the Cybersecurity Audits and Risk Assessments Regulations under CPRA. The CCPA is enforced by the California Office of the Attorney General while the CPRA will be enforced by the new California Privacy Protection Agency (CPPA) with full investigative, enforcement, and rulemaking authority. This session will cover the CCPA and CPRA privacy laws, provide an update on the recent CPPA Board Meeting, and review the new Cybersecurity Audits and Risk Assessments annual requirements. Under the CCPA rights include access, consent, equality, deletion, and portability. Under the CPRA new rights include the right to correct; opt-out of automated decision-making; access to information about automated decision making; and the right to restrict the use of sensitive PI. CCPA/CPRA was to be enforceable by January 1, 2023, then it got extended to July 1, 2023. Following a California Chamber of Commerce lawsuit, a Superior Court of California judge has delayed enforcement of the California Privacy Rights Act (CPRA) regulations until March 29, 2024. We will discuss what it means and whether you are ready for CCPA/CPRA.