In Parts 1-3 of this series, we covered the mechanics of the CCPA’s new cybersecurity audit requirement: who is covered, when audits are required, what must be audited, who can perform the audit, how it fits with existing security frameworks, and what needs to be documented.
In Part 1 of this series, we outlined the basics of the California Consumer Privacy Act’s (CCPA) new cybersecurity audit requirement: who is covered, when audits are required, and the key obligations to keep in mind. In Part 2, we explored the mechanics and explained what the California Privacy Protection Agency (CalPrivacy) expects the cybersecurity audit to look like in practice, including what must be evaluated, who may conduct the audit, how thorough it must be, and what goes into the audit report.
In Part 1 of this series, we walked through the basics of the California Consumer Privacy Act’s (CCPA) new cybersecurity audit requirement: which businesses are covered, when audits are required, and the high-level obligations to have on your radar.
This five-part series provides an introductory roadmap to the California Consumer Privacy Act’s (CCPA) new cybersecurity audit requirement and the California Privacy Protection Agency’s (CalPrivacy) implementing regulations.