Data Privacy
Oct. 23, 2025
CCPA legal update series Part 2: CCPA finalizes cybersecurity audit rules
California's newly finalized CCPA regulations now require certain high-revenue or high-data-volume companies to conduct and certify annual cybersecurity audits -- demanding independent, standards-based reviews, detailed reporting and strict executive accountability.
Sarah L. Bruno
Partner
Reed Smith LLP
Sarah L. Bruno is a partner in the Emerging Technologies group at global law firm Reed Smith based in San Francisco, advising companies in the entertainment, technology, beauty, consumer product, and health care spaces in all areas of data security and privacy, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), Virginia's Data Protection Act, and Colorado's Data Privacy Act. She assists clients with data audits and the development of governance systems that depend on jurisdictional issues as well as the nature of the data.
Grace D. Wiley
Associate
Reed Smith LLP
Grace D. Wiley is an associate in the firm's San Francisco office, focusing her practice on entertainment and technology matters, including privacy compliance, regulatory counseling, and mergers and acquisitions. She also supports on other general pre-litigation matters.
As we discussed in Part 1 of our series, "CCPA finalizes ADMT rules, reshaping privacy compliance," Daily Journal, Oct. 10, the California Office of Administrative Law announced in September that the $95
Or access this article for $45
(Purchase provides 7-day access to this article. Printing, posting or downloading is not allowed.)
Already a subscriber?
Sign In