In Part 1 of this series, we discussed the annual cybersecurity audit requirements in the proposed rulemaking package (the “Draft Regulations”) of the California Privacy Protection Agency (the “CPPA”). In this Part 2, we discuss the Draft Regulations’ provisions on Automated Decision-Making Technology (“ADMT”). Most notably, the Draft Regulations’ definition of ADMT is more expansive [...]| Debevoise Data Blog
On November 22, 2024, the California Privacy Protection Agency (the “CPPA”) opened the formal public comment period for its recently approved formal proposed rulemaking package for annual cybersecurity audits, automated decision-making technology, privacy requirements, insurance companies’ obligations, and other updates to existing regulations (the “Draft Regulations”). The Draft Regulations fulfill the CPPA’s mandate under the [...]| Debevoise Data Blog
Debevoise’s Data Strategy and Security group recently assisted four leading trade associations that represent the financial services industry in preparing a joint comment letter in response to the Cybersecurity and Infrastructure Security Agency’s (“CISA”) notice of proposed rulemaking for reporting requirements for critical infrastructure entities that experience covered cybersecurity incidents (the “Proposed Rule”), developed pursuant [...]| Debevoise Data Blog