Philip N. Yannella, Gregory P. Szewczyk, and Timothy Dickens of Ballard Spahr write:
The California Privacy Protection Agency (CPPA) recently published two new sets of draft regulations addressing a range of cutting-edge data protection issues. Although the CPPA has not officially started the formal rulemaking process, the Draft Cybersecurity Audit Regulations and the Draft Risk Assessment Regulations will serve as the foundation for the process moving forward. Discussion of the draft regulations will be a central topic of the CPPA’s upcoming September 8th meeting.
Among the noteworthy aspects to the draft Regulations are (1) a proposed definition of “artificial intelligence” that differentiates the technology from automated decision-making; (2) transparency obligations for companies that train AI to be used by consumers or other businesses; and (3) a significant list of potential harms to be considered by businesses when conducting risk assessments.
Read more at Consumer Finance Monitor.