In a significant move towards enhancing data privacy and cybersecurity, California has revealed new draft requirements. The California Privacy Protection Agency (CPPA) Board disclosed draft regulations on Risk Assessment and Cybersecurity Audit on August 29, 2023. The board indicated that the formal rulemaking process would commence shortly, likely soon after the Board’s public meeting slated for September 8, 2023. Refer to full details here.
The proposed regulations touch upon key areas of privacy risk assessments, cybersecurity audits, and the role of artificial intelligence. As legal professionals catering to major corporations and law firms, these drafted rules bring about both challenges and opportunities in the realm of data privacy and cybersecurity.
- Privacy Risk Assessments: The draft encourages corporations to conduct privacy risk assessments. It is integral for firms to evaluate their data privacy risks comprehensively and take adequate measures to address those risks.
- Cybersecurity Audits: To prevent data breaches, the draft stipulates regular cybersecurity audits as a requirement. This calls for the deployment of a robust security framework and periodic checks to secure sensitive data.
- Artificial Intelligence: The role of AI in data privacy and cybersecurity cannot be overstated. The draft imposes certain restrictions on AI usage, making it important for corporations and law firms to adapt and ensure compliance.
In light of these drafted regulations, it’s recommended that corporations and law firms review their data privacy and cybersecurity practices. It is further advised to stay tuned for the formal announcement of these rules and accordingly adapt their practices, thus ensuring their operations remain compliant with the law.