CCPA Cybersecurity Audit Requirements: What Businesses Need to Know

The new cybersecurity audit regulations under the California Consumer Privacy Act (CCPA) raised a host of legal questions and practical issues — from identifying the systems that are in scope, to navigating auditor independence and influence considerations, to managing litigation-related risks from resulting audit reports, to executive certification under penalty of perjury. Taking the wrong approach could create real regulatory and litigation risks for a business.

This practical briefing was about the new requirements and what they mean for the many businesses that will fall within scope. We discussed where these regulations created risk in practice, highlighted key decisions for companies to consider, and discussed steps that businesses can take to help reduce legal risks.

For additional information, please contact Alayne Thomas at athomas@mayerbrown.com or +1 312 701 7529.