State Regulatory Developments

CA Privacy Protection Agency Invites Preliminary Comments on Proposed Rulemaking

The California Privacy Protection Agency (CPPA) recently issued an Invitation for Comments to assist it in developing regulations in accordance with its authority under the California Privacy Rights Act of 2020 (CPRA).  The CPPA invited comments on all aspects of its rule-making authority under the CPRA, but has specifically requested comments concerning the creation of rules for the following subject matters: (i) cybersecurity audits and risk assessments performed by businesses; (ii) automated decision making; (iii) audits performed by the CPPA; (iv) the consumers’ right to delete, correct, and know personal information; (v) the consumers’ right to opt their personal information out of selling or sharing; (vi) the consumers’ right limit sensitive information use and disclosure; and (vii) information required to be provided in a consumer request to know.  The CPPA also seeks comments on whether and how to update or create certain definitions of important terms and categories of information and activities contained in and covered by the CPRA.

The CPPA invited interested parties to submit comments by November 8, 2021.