Article 12 — Cybersecurity audits and risk assessments
207 requirements in the Cybersecurity audits and risk assessments article
7150When a Business Must Conduct a Risk Assessment.
7150(a)7150(a)
7150(b)7150(b)
7150(b)(1)7150(b)(1)
7150(b)(2)7150(b)(2)
7150(b)(2)(A)7150(b)(2)(A)
7150(b)(3)7150(b)(3)
7150(b)(4)7150(b)(4)
7150(b)(5)7150(b)(5)
7150(b)(6)7150(b)(6)
7150(c)7150(c)
7150(c)(1)7150(c)(1)
7150(c)(2)7150(c)(2)
7150(c)(3)7150(c)(3)
7150(c)(4)7150(c)(4)
7151Stakeholder Involvement for Risk Assessments.
7151(a)7151(a)
7151(b)7151(b)
7152Risk Assessment Requirements.
7152(a)7152(a)
7152(a)(1)7152(a)(1)
7152(a)(2)7152(a)(2)
7152(a)(3)7152(a)(3)
7152(a)(3)(A)7152(a)(3)(A)
7152(a)(3)(B)7152(a)(3)(B)
7152(a)(3)(C)7152(a)(3)(C)
7152(a)(3)(D)7152(a)(3)(D)
7152(a)(3)(E)7152(a)(3)(E)
7152(a)(3)(F)7152(a)(3)(F)
7152(a)(3)(G)7152(a)(3)(G)
7152(a)(3)(G)(i)7152(a)(3)(G)(i)
7152(a)(3)(G)(ii)7152(a)(3)(G)(ii)
7152(a)(4)7152(a)(4)
7152(a)(5)7152(a)(5)
7152(a)(5)(A)7152(a)(5)(A)
7152(a)(5)(B)7152(a)(5)(B)
7152(a)(5)(C)7152(a)(5)(C)
7152(a)(5)(D)7152(a)(5)(D)
7152(a)(5)(E)7152(a)(5)(E)
7152(a)(5)(F)7152(a)(5)(F)
7152(a)(5)(G)7152(a)(5)(G)
7152(a)(5)(H)7152(a)(5)(H)
7152(a)(6)7152(a)(6)
7152(a)(6)(A)7152(a)(6)(A)
7152(a)(6)(A)(i)7152(a)(6)(A)(i)
7152(a)(6)(A)(ii)7152(a)(6)(A)(ii)
7152(a)(6)(A)(iii)7152(a)(6)(A)(iii)
7152(a)(6)(A)(iv)7152(a)(6)(A)(iv)
7152(a)(7)7152(a)(7)
7152(a)(8)7152(a)(8)
7152(a)(9)7152(a)(9)
7153Additional Requirements for Businesses that Process Personal Information to Train Automated Decisionmaking Technology.
7153(a)7153(a)
7153(b)7153(b)
7154Goal of a Risk Assessment.
7154(a)7154(a)
7155Timing and Retention Requirements for Risk Assessments.
7155(a)7155(a)
7155(a)(1)7155(a)(1)
7155(a)(2)7155(a)(2)
7155(a)(3)7155(a)(3)
7155(b)7155(b)
7155(c)7155(c)
7156Conducting Risk Assessments for a Comparable Set of Processing Activities or inCompliance with Other Laws or Regulations.
7156(a)7156(a)
7156(a)(1)7156(a)(1)
7156(b)7156(b)
7156(b)(1)7156(b)(1)
7157Submission of Risk Assessments to the Agency.
7157(a)7157(a)
7157(a)(1)7157(a)(1)
7157(a)(2)7157(a)(2)
7157(b)7157(b)
7157(b)(1)7157(b)(1)
7157(b)(2)7157(b)(2)
7157(b)(3)7157(b)(3)
7157(b)(4)7157(b)(4)
7157(b)(5)7157(b)(5)
7157(b)(6)7157(b)(6)
7157(c)7157(c)
7157(c)(1)7157(c)(1)
7157(c)(2)7157(c)(2)
7157(c)(3)7157(c)(3)
7157(d)7157(d)
7157(e)7157(e)
7200When a Business’s Use of Automated Decisionmaking Technology is Subject to the Requirements of This Article.
7200(a)7200(a)
7200(b)7200(b)
7220Pre-use Notice Requirements.
7220(a)7220(a)
7220(b)7220(b)
7220(b)(1)7220(b)(1)
7220(b)(2)7220(b)(2)
7220(b)(3)7220(b)(3)
7220(c)7220(c)
7220(c)(1)7220(c)(1)
7220(c)(2)7220(c)(2)
7220(c)(2)(A)7220(c)(2)(A)
7220(c)(2)(B)7220(c)(2)(B)
7220(c)(3)7220(c)(3)
7220(c)(4)7220(c)(4)
7220(c)(5)7220(c)(5)
7220(c)(5)(A)7220(c)(5)(A)
7220(c)(5)(B)7220(c)(5)(B)
7220(c)(5)(C)7220(c)(5)(C)
7220(d)7220(d)
7220(d)(1)7220(d)(1)
7220(d)(2)7220(d)(2)
7220(d)(2)(A)7220(d)(2)(A)
7220(d)(2)(B)7220(d)(2)(B)
7220(d)(2)(C)7220(d)(2)(C)
7220(e)7220(e)
7220(e)(1)7220(e)(1)
7220(e)(2)7220(e)(2)
7220(e)(3)7220(e)(3)
7220(e)(4)7220(e)(4)
7221Requests to Opt-Out of ADMT.
7221(a)7221(a)
7221(b)7221(b)
7221(b)(1)7221(b)(1)
7221(b)(1)(A)7221(b)(1)(A)
7221(b)(1)(B)7221(b)(1)(B)
7221(b)(2)7221(b)(2)
7221(b)(2)(A)7221(b)(2)(A)
7221(b)(2)(B)7221(b)(2)(B)
7221(b)(3)7221(b)(3)
7221(b)(3)(A)7221(b)(3)(A)
7221(b)(3)(B)7221(b)(3)(B)
7221(c)7221(c)
7221(c)(1)7221(c)(1)
7221(c)(2)7221(c)(2)
7221(c)(3)7221(c)(3)
7221(c)(4)7221(c)(4)
7221(d)7221(d)
7221(e)7221(e)
7221(f)7221(f)
7221(g)7221(g)
7221(h)7221(h)
7221(i)7221(i)
7221(j)7221(j)
7221(k)7221(k)
7221(l)7221(l)
7221(m)7221(m)
7221(n)7221(n)
7221(n)(1)7221(n)(1)
7221(n)(2)7221(n)(2)
7222Requests to Access ADMT.
7222(a)7222(a)
7222(b)7222(b)
7222(b)(1)7222(b)(1)
7222(b)(2)7222(b)(2)
7222(b)(3)7222(b)(3)
7222(b)(3)(A)7222(b)(3)(A)
7222(b)(4)7222(b)(4)
7222(b)(4)(A)7222(b)(4)(A)
7222(c)7222(c)
7222(c)(1)7222(c)(1)
7222(c)(2)7222(c)(2)
7222(c)(2)(A)7222(c)(2)(A)
7222(c)(2)(B)7222(c)(2)(B)
7222(c)(2)(C)7222(c)(2)(C)
7222(d)7222(d)
7222(e)7222(e)
7222(f)7222(f)
7222(g)7222(g)
7222(h)7222(h)
7222(i)7222(i)
7222(j)7222(j)
7222(k)7222(k)
7222(l)7222(l)
7270Definition of Insurance Company.
7270(a)7270(a)
7271General Application of the CCPA to Insurance Companies.
7271(a)7271(a)
7271(b)7271(b)
7271(b)(1)7271(b)(1)
7271(b)(2)7271(b)(2)
7271(b)(3)7271(b)(3)
7300Sworn Complaints Filed with the Agency.
7300(a)7300(a)
7300(a)(1)7300(a)(1)
7300(a)(2)7300(a)(2)
7300(a)(3)7300(a)(3)
7300(a)(4)7300(a)(4)
7300(a)(5)7300(a)(5)
7300(b)7300(b)
7301Investigations.
7301(a)7301(a)
7301(b)7301(b)
7302Probable Cause Proceedings.
7302(a)7302(a)
7302(b)7302(b)
7302(c)7302(c)
7302(c)(1)7302(c)(1)
7302(c)(2)7302(c)(2)
7302(c)(3)7302(c)(3)
7302(d)7302(d)
7303Stipulated Orders.
7303(a)7303(a)
7303(b)7303(b)
7303(c)7303(c)
7304Agency Audits.
7304(a)7304(a)
7304(b)7304(b)
7304(c)7304(c)
7304(d)7304(d)
7304(e)7304(e)