California Privacy Protection Agency Board of Directors Meets to Review CAPL’s Policy-Making Process – Privacy

On September 7 and 8, 2021, the Board of Directors of the California Privacy Protection Agency (“CPPA”) held a public virtual meeting regarding the rule-making process under the California Privacy Rights Act (“CPRA”). The Board has indicated that it plans to undertake preliminary rule-making activities this fall, including soliciting public comments and holding information hearings, and issuing a notice of rule-making proposal. this winter, with public hearings scheduled for winter 2021 / spring 2022. CAPP requires CAPP to adopt final bylaws by July 1, 2022.

The Council presented an overview of the rule-making process as follows.

• CAPP will first conduct draft rule development activities, including collecting written comments from the public and holding information hearings.
• The Agency will begin the formal rulemaking process by issuing an initial notice package that will include a notice of proposed rulemaking, an initial statement of reasons explaining the purpose and need for each regulation, and the text of the regulations.
• Following the publication of the initial notice package, there will be a 45-day public comment period followed by a public hearing.
• If major regulatory changes are made after the 45-day public comment period, another 45-day public comment period will be initiated, followed by a second public hearing. If further changes are made and the changes are substantial and sufficiently related to the previous rule changes, a 15 day public comment period will be initiated.
• If no substantial changes are made to the regulations, the Agency will then adopt the final text of the regulations and submit it to the Administrative Law Office for approval, with a target deadline of May 22, 2022.

To facilitate the rule-making process, the By-Laws Sub-Committee of Council proposed the creation of three rule-making sub-committees: the CCPA Rules Update Sub-Committee, -CRA New Rules Committee and the Rules Development Process Subcommittee. The CCPA Rules Update Subcommittee will update the existing rules to include the ACPL requirements, such as additional requirements for takedown requests and new data subject rights under the CCPA. ‘ACPL. ACPL’s new rules subcommittee will draft new rules on things not covered in the ACCP rules, such as cybersecurity audits, risk assessments, automated decision-making and authority to control. audit of agencies. The rule-making process subcommittee will coordinate rule-making activities and suggest additional topics for rule-making.

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.