The California Privacy Protection Agency’s initial draft rules package will focus on administrative enforcement and the agency’s audit authority, but not on automated decisionmaking, cybersecurity audits, or risk assessments, the board announced.
Streamlining the initial rulemaking package to exclude those areas will give the California Privacy Rights Act subcommittee more time to hammer out the “complex” regulations required for those topics, said Vinhcent Le, a board member and technology equity attorney.
“We request you allow our subcommittee to remain active during formal rulemaking,” Le said during a Thursday board meeting. “These can’t be rushed considering how important they are to ...