While the California Privacy Protection Agency (CPPA) only recently approved revised amended regulations pertaining to the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), it is already on to its next rulemaking.
On February 10, 2023, the CPPA issued an invitation for preliminary comments on proposed rulemaking pertaining to cybersecurity audits, risk assessments, and automated decision-making. The invitation includes some specific questions the CPPA would like to receive comments on, but comments are not limited to those areas of inquiry.
The comment period will be open until March 27, 2023, and can be submitted:
Electronic: Comments may be submitted electronically to email@example.com. Please include “PR 02-2023” in the subject line.
Mail: California Privacy Protection Agency Attn: Kevin Sabo 2101 Arena Blvd Sacramento, CA 95834
The questions posed by the CPPA appear to be attempting to harmonize the efforts of the CPPA with other laws other than the CCPA and CPRA that apply to covered businesses. There are also specific questions regarding the European Data Protection Board’s Guidelines on Data Protection Impact Assessment, as well as Colorado’s Privacy Act, suggesting that the CPPA is looking more widely than mere consistency with California law.
If you have questions on the CPPA rulemaking or related issues, contact a Jackson Lewis attorney to discuss.