Another CA Requirement
As of Jan. 1st, the California Consumer Protection Act (“CCPA”) and accompanying regulations now require businesses to complete a risk assessment before engaging in certain “high-risk” personal information processing. California businesses must conduct this risk assessment prior to any of the following activities:
Selling or sharing personal information
Processing “sensitive personal information,” which includes a broad range of data types
Using personal information in connection with automated decision-making technology to make significant decisions about consumers, including financial transactions
Profiling a consumer through systemic observation (i.e., methodical and regular or continuous observation) when the consumer is acting in their capacity as an educational program applicant, job applicant, student, employee, or independent contractor for the business
