Plato Data Intelligence.
Vertical Search & Ai.

California Takes Steps Forward to Regulating AI and Cybersecurity

Penka Hristovska
Published on: January 6, 2024

The state of California is making a serious effort to boost cybersecurity, improve risk assessment, and regulate the use of AI (Artificial Intelligence) technology.

California’s consumer privacy regulator, the California Privacy Protection Agency (CPPA), released a draft of proposed changes and revisions aimed at introducing better privacy measures.

CPPA is seeking to regulate automated decision-making technology (ADT), which, per the draft, is any system or software that analyzes personal data using advanced computer algorithms to either make decisions or help in decision-making.

The proposed regulations introduce specific criteria for when businesses must notify consumers, offer them an opt-out choice, and provide access to their data in the context of ADT. These criteria include situations where ADT significantly affects consumers legally, for example when it is used for profiling in employment, in public spaces, or for targeted advertising, and when the profiled consumer is younger than 16 years.

CPPA is also looking to refine the criteria for mandatory cybersecurity audits of businesses. The audits would evaluate potential harms caused by data breaches, including economic, psychological, physical, and reputational damage to consumers. The privacy regulator is proposing a dual threshold: businesses with at least $25 million in yearly revenue and businesses that process a significant amount of personal data.

For the latter group of businesses specifically, the audit requirement kicks in when a business, in the previous year, processed data of 50,000 or more consumers under 16 years old, sensitive data of 50,000 or more consumers, or personal information of 250,000 or more consumers.

Finally, under California’s proposed regulations, businesses will also need to perform risk assessments when they process personal information in a way that poses a significant privacy threat for consumers. This includes activities like processing sensitive information, selling or sharing personal data, and using ADT to make impactful decisions or to profile consumers in various roles.

The regulator wants to reduce the 24-month period that businesses currently have to submit and update their initial risk assessment. Additionally, the CPPA board is suggesting that it be allowed to request risk assessments with a 5-day response time and to involve the Attorney General in these requests. Businesses would also be required to notify CPPA of any changes in their data processing techniques or strategies.

The subcommittee will now refine the proposed changes and return them to the board for a final review before they’re opened for public commentary.
