The California Department of Privacy Protection recently considered draft regulations addressing cybersecurity audits and privacy assessments that, if adopted, could have a significant impact on the development of artificial intelligence products. The proposed regulations would require many companies already subject to the California Consumer Privacy Act (CCPA) to conduct new independent audits of their cybersecurity programs and disclose personal information to train artificial intelligence. Privacy protection measures are required to be put in place before the data contained therein is used.
Data, Privacy and Cybersecurity Advisor Kevin Angle and their friends ashley fisher and Jessica Grishkan It is described in Articles for law 360 Audits require board-level involvement, as well as documentation of specific cybersecurity controls, from account management and unique passwords to record-keeping, to ensure that government agencies are under the law. CCPA and other statutes that may create basic expectations regarding “reasonable security procedures and practices” required by the CCPA. The draft regulation also proposes broad definitions of “artificial intelligence” and “automated decision-making,” which could include a variety of products. Before training artificial intelligence, companies will likely be required to conduct a detailed risk assessment and document the safeguards in place to protect the privacy of personal information.