Updated Requirements for Automated Decision-Making Technology (ADMT), Risk Assessments, and Cybersecurity Audits
In this Insight Session, we take a closer look at the California Privacy Protection Agency’s finalized regulations under the California Consumer Privacy Act (CCPA), issued on July 24, 2025. Covering automated decision-making technology, risk assessments, and cybersecurity audits, these rules mark a significant expansion of compliance obligations for organizations operating in California. The regulations will take effect once approved by the Office of Administrative Law.
We’ll explore the legal, regulatory, and operational implications of these changes, from data processing and governance to recordkeeping and IT security. With new requirements on the horizon, businesses will need to carefully consider both leadership-level strategy and hands-on operational practices to ensure readiness.
You’ll gain practical guidance on how to align policies, systems, and teams to prepare for compliance and manage risk effectively.
Tune in to hear the conversation on:
- The new requirements and the scope of applicability under the CCPA.
- Key questions leadership and risk executives should be addressing now.
- How privacy and IT security teams can begin preparing for compliance.
- Cybersecurity audit applicability, controls, and reporting obligations.
- Requirements for written certification to the CPPA.
