On November 22, 2024, the California Privacy Protection Agency (the “CPPA”) issued a Notice of Proposed Rulemaking and opened the formal comment period for its proposed regulations on updates to existing California Consumer Privacy Act (the “CCPA”) regulations, cybersecurity audits, risk assessments, automated decisionmaking technology (ADMT) and the applicability of the CCPA to insurance companies. The public has until January 14, 2025, to submit written comments on the proposed regulations. The public may also submit oral comments during a virtual and in-person hearing scheduled for January 14, 2025. The CPPA will weigh written and oral comments received during the public comment period and determine whether to adopt or further modify the proposed regulations at a board meeting following the comment period.
Notably, this formal public comment period is longer than the statutorily required 45-day period as the CPPA extended it to “give all interested parties sufficient time and capacity to weigh in on this important rulemaking package,” according to CPPA General Counsel Philip Laird.
More information related to the public comment period, including how the public can submit comments, can be found in the CPPA’s announcement on the public comment period and in the CPPA’s update on formal rulemaking for the proposed regulations. The CPPA’s update also contains public comments received in response to the CPPA’s Invitation for Preliminary Comments on Proposed Rulemaking during and after the preliminary public comment period, which was open from February 10, 2023, through March 27, 2023.
For background on the proposed regulations, including a timeline of the earliest date that the proposed regulations can take effect, please see our prior blog post. Alston & Bird’s Privacy, Cyber & Data Strategy Team will continue to monitor developments surrounding CCPA rulemaking and provide updates as more information becomes available. Please contact us if you have any questions.
