Risk Assessments

Subscribe to Risk Assessments via RSS

On July 24, 2025, during a public meeting following public comment, the California Privacy Protection Agency (CPPA) Board unanimously approved amendments to the California Consumer Privacy Act (CCPA). These substantial changes include new obligations for businesses subject to the CCPA. Significantly, the updates emphasize CPPA’s new regulatory focus over AI decision-making and cybersecurity in addition

This post was co-authored by Mark Abou Naoum, Summer Associate. Mark is not admitted to practice law.

Before assuming his new role as Executive Director for the California Privacy Protection Agency (CPPA), Tom Kemp served as a volunteer policy advisor on the Delete Act in 2023 and California’s 2020 ballot initiative, which amended the California

This month, the California Privacy Protection Agency (CPPA) Board discussed updates to the California Consumer Privacy Act (CCPA) draft regulations related to cybersecurity audits, risk assessments, automatic decision-making technology (ADMT), and insurance.

The CPPA received comments on the first draft of the regulations between November 22, 2024, and February 19, 2025, and the feedback was

A new report issued by the National Academies of Sciences, Engineering and Medicine says that the Federal Aviation Administration (FAA) should revise its approach for safety risk assessments for the technology associated with implementation of drones into the national airspace. Specifically, the report says that the FAA’s overly conservative approach to safety risk assessments can

Covered entities, including employer sponsored health plans, should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Service Office of Civil Rights (OCR) following OCR’s recent announcement of a large HIPAA settlement last month on the heels of its release of the preliminary results