The California Privacy Protection Agency (CPPA) has released two sets of draft regulations under the California Consumer Privacy Act (CCPA). The first involves risk assessments and the second addresses cybersecurity audits. California would join Colorado, Connecticut, and several other states with the requirement to assess processing activities that present a significant or heightened risk of harm to consumers.