Businesses urge CPPA to narrow cybersecurity audit and risk‑assessment rules; some call for affirmative defense for compliance
Summary
At the Feb. 19 CPPA public hearing, industry groups said the draft cybersecurity‑audit and risk‑assessment rules duplicate existing frameworks and impose undue costs; some asked that compliance with final audits serve as an affirmative defense to liability.
SACRAMENTO, Feb. 19, 2025 — Commenters at the California Privacy Protection Agency's Feb. 19 public hearing criticized proposed cybersecurity audit and risk‑assessment regulations as overly prescriptive, duplicative of existing standards and costly to implement, with several business groups asking the CPPA to narrow scope or defer to established frameworks.
Why it matters: The cybersecurity audit and risk‑assessment proposals would set new disclosure and audit obligations for entities covered by California privacy law. Industry witnesses said the requirements could force firms to divert resources from threat mitigation to…

