On November 22, 2024, the California Privacy Protection Agency (CPPA) opened the formal public comment period for its latest proposed rulemaking package. The package includes updates to existing regulations and proposed regulations for cybersecurity audits, risk assessments, automated decision-making technology (ADMT) and insurance companies. The public comment period begins on November 22, 2024 and concludes on January 14, 2025.
Members of the public are encouraged to provide feedback. Individuals may give oral feedback and are encouraged to attend the CPPA’s public hearing on Tuesday, January 14, 2025. Additional information can be found here. Individuals may also provide written public comments via email to regulations@cppa.ca.gov or send hard copies to the Agency’s headquarters. Written comments will be accepted until 6 p.m. PST on January 14, 2025.
The proposed rulemaking package:
- Includes updates to existing CCPA regulations;
- Establishes requirements for certain businesses to complete annual cybersecurity audits and conduct risk assessments;
- Implements consumers’ rights to access and opt out of businesses’ use of ADMT and
- Clarifies when insurance companies must comply with the CCPA.
The CPPA has extended the public comment period beyond the 45-day statutory requirement to ensure ample opportunity for participation.
/Passle/5fb3c068e5416a1144288bf8/SearchServiceImages/2024-06-06-20-49-24-893-666220d4737578f741492c8c.jpg)
/Passle/5fb3c068e5416a1144288bf8/SearchServiceImages/2024-12-02-15-56-44-698-674dd8bc4c309d768a58c8ea.jpg)
/Passle/5fb3c068e5416a1144288bf8/SearchServiceImages/2024-11-27-16-00-52-788-67474234af241b2bae43e5be.jpg)
/Passle/5fb3c068e5416a1144288bf8/MediaLibrary/Images/613651eb400fb30dc02a5b3b/2022-11-07-22-43-38-737-63698a1af636e91d58b49e5e.jpeg)
/Passle/5fb3c068e5416a1144288bf8/SearchServiceImages/2024-11-26-14-56-56-301-6745e1b8993f4885112567b4.jpg)