LOGIN Request a call


CPPA Publishes New Draft Regulations That Address Risk Assessments, and Cyber Audits

11 Sep


Update Applicable to:

All employers subject to the California Consumer Protection Act (CCPA)

What happened?

In preparation for its September 8, 2023 Board meeting, the California Privacy Protection Agency (CPPA) has released draft regulations concerning risk assessments and cybersecurity audits. These drafts were provided as part of the meeting materials for an update from the CPRA rules subcommittee, indicating the agency’s commitment to addressing privacy and cybersecurity matters.

What are the details?

While these documents are preliminary drafts, they offer an initial glimpse into the Agency’s deliberations regarding these new and substantial rulemaking subjects. In essence, the drafts signify the Agency’s intention to impose extensive obligations on businesses subject to these regulations. See below links for additional information.

Additional News:

California Consumer Complaint Portal Now Live: The California Privacy Protection Agency launched its Consumer Complaint Portal and related FAQs for consumers to direct their privacy-related complaints and suspected violations of the California Consumer Protection Act (CCPA).

For more information, please see the links below:

Summary of Risk Assessment Details

Summary of Cybersecurity Audit Details

Board Meeting Document

Cybersecurity Document

Risk Assessment Document

Law Firm Article

What do employers need to do?

Employers should review the above summaries and read through the draft documents to have an idea of what to expect from the CPPA in the coming months.


Need help understanding how changes to employment laws will affect your business?

Learn more about how Vensure's California PEO services can help you navigate complex employment laws and keep your business compliant.

This communication is intended solely for the purpose of conveying information. The present post might incorporate hyperlinks directing readers to websites managed by third-party entities. The inclusion of any links within this communication is meant to serve as points of reference and could encompass opinion articles from various law firms, articles from HR associations, official websites, news releases, and documents of government agencies, and other relevant third-party sources. Vensure has no authority over these external websites and bears no responsibility for their content. Furthermore, Vensure does not endorse the materials present on these websites. The contents of this communication should not be interpreted as legal advice or as a legal standpoint concerning specific facts or scenarios. Nor should it be deemed an exhaustive compilation of facts potentially pertinent to federal, state, or local laws. It is strongly advised that employers solicit legal guidance from an employment attorney when undertaking actions in response to any legal updates provided. This is due to the possibility of future alterations occurring in federal, state, and local laws, regulations, as well as the directives and guidelines issued by governing agencies. These changes may transpire at any given time, potentially rendering certain portions of the content within this update void or inaccurate.

Keep Your Business Compliant

Fill out the form below to receive monthly Employment Law Updates right in your inbox.

Keep Your Business Compliant

Fill out the form below to receive monthly Employment Law Updates right in your inbox.


You're all set.

Thanks for subscribing. Be on the look out for the Legal HR updates in your email.

Tracking Convertion image