California’s Cybersecurity Audit Rule
Wednesday, August 20, 2025 | 10:00 a.m. (PT) | B-CLE
0.75 General CLE & CPE Credit Available
Recording ($115) | Resources | Speaker Bio & Contact Info
With compliance deadlines starting in 2028 and strict requirements for risk assessments, data governance, and audit procedures, new cybersecurity rules are on the horizon. Join us in this timely and practical session as renowned privacy and cybersecurity expert Jim Dempsey breaks down California’s groundbreaking new CPRA cybersecurity audit rule, what it means for your organization, and how to prepare now to avoid legal and regulatory pitfalls later.
Whether you’re a privacy officer, general counsel, CISO, or advising California-facing clients, this is a can’t-miss session on the future of data security regulation.
In this session, you’ll learn how to:
- Understand the scope and applicability of California’s cybersecurity audit requirements under the CPRA
- Identify whether your business qualifies as presenting a “significant risk”
- Prepare for annual cybersecurity audits—internal or external—and what they must include
- Assess how the rule defines “reasonable cybersecurity” through two dozen technical and organizational control areas
- Navigate key compliance deadlines and implementation timelines
- Anticipate the litigation and enforcement risks created by audit documentation
- Leverage the audit process to support internal governance and board-level oversight
Speaker(s):
Jim Dempsey, UC Berkeley School of Law