• |

Nov. 1, 2023

Examining Security Mandates, Including California’s Draft Audit Regulations, in State Privacy Laws

  • Matt Fleischer-Black
    Cybersecurity Law Report
The cybersecurity mandates in U.S. state privacy laws often are overlooked. However, the requirements are not slight – they fall into four basic categories, including securing personal information, ensuring third parties do the same, assessing cyber measures and reporting assessment or audit results to AGs. Adding to existing requirements, last month, California’s privacy regulator released a bold draft regulation under the California Privacy Rights Act that proposes a costly audit of 18 mandatory components, including a first-ever requirement to use zero trust architecture, of a company’s cyber program. This article examines the shifting cybersecurity landscape across state laws and includes analysis shared with the Cybersecurity Law Report by Frankfurt Kurnit partner Richard Borden and insights delivered during the recent International Association of Privacy Professionals’ Privacy.Security.Risk conference by Morrison Foerster and Ampersand counsel. See our two-part series analyzing 2023’s new state privacy laws: “The First Six Plus Compliance Measures” (Jun. 28, 2023), and “Oregon and Delaware Join the Strictest Tier” (Jul. 12, 2023).

To read the full article

Continue reading your article with a CSLR subscription.

Most-Read Articles

Spotlight on Trailblazing Women

To mark International Women’s Day 2024, women editors and reporters of ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Jill Abitbol, Managing Editor of the Cybersecurity Law Report and Anti-Corruption Report, features notable women in data privacy, cybersecurity, white collar defense, compliance and anti-corruption law, including Christina Montgomery, Leslie Shanklin, Palmina Fava, Alexandra Ross and Lucinda Low. Enjoy reading their inspiring remarks here.

We Celebrate Data Privacy Day 2024

Read the full brief here.