California and Colorado Privacy Regulators Provide Updates on Rulemaking

The California Privacy Protection Agency (CCPA) proposed its framework for the CPPA Rulemaking Process and during the informal rulemaking process, the CPPA sought preliminary public input on cybersecurity audits and risk assessments; automated decision making; the agency’s audit authority; the right to correct inaccurate information; limiting the use of sensitive personal information; opt-out preference signals; and applicable standards for business’s determination that responding to a request to know the exceeding 12 months is “impossible” or “would involve a disproportionate effort.” Rulemaking priorities regarding the Colorado Privacy Act include the process of providing consumer notice that provides consumers with the opportunity to fairly and freely approve or reject data sharing; “dark patterns,” which can unfairly mislead consumers on this issue; the process for consumers to engage and learn about their data profiles as well as to correct inaccurate data; and providing guidance on company auditing and data protection assessment procedures.

 

Read more

Post By Ken Shafton (2,325 Posts)