Eran Kahana, Maslon LLP

Cybersecurity & AI Governance Assessments: Privacy Compliance Under the CCPA & Beyond

California’s new CCPA regulations from the California Privacy Protection Agency move privacy from paperwork to proof. This session unpacks the CPPA’s Cybersecurity Audits (Article 9), Risk Assessments (Article 10), and Automated Decision-Making Technology governance (Article 11), with cross-references to state data-protection assessment laws and standards from NIST (including SP 800-53) and the International Standardization Organization (ISO).

This presentation shows how to build a CPPA-ready vendor management program that prioritizes proof over paper. It translates legal requirements into a practical assessment workflow with risk scoring, continuous monitoring, and enforceable contract controls. And beyond CPPA, it shows how the same evidence framework scales across jurisdictions and standards, supports board and executive reporting, and strengthens diligence and defensibility for any high-stakes vendor ecosystem.

Who the regulations impact: Any business processing California personal information, plus its service providers; other states are following the same path.

Who this presentation is for: In-house and outside counsel advising on privacy, contracts, product, M&A, or litigation

Why attend: Learn what the rules demand and how to implement them so as to comply with audits, assessments, ADMT notices and safeguards, vendor oversight, and board reporting

Topics covered include:
Agenda:
  • Opening & Objectives
    • What CPPA expects, what “proof over paper” means, and how the assessment form turns legal rules into verifiable vendor controls

  • CPPA Rule Changes & Why They Matter
    • New ADMT, risk review, and audit requirements, and how those create mandatory checkpoints for vendor oversight across jurisdictions

  • Evidence-Based Vendor Management Framework
    • The three pillars — clear rules, realistic controls, documented proof — and how the Keystone Pro assessment operationalizes them

  • Risk Scoring & Continuous Monitoring
    • How importance, probability, impact, and controls produce ranked fixes, plus trigger events, change logs, and the compliance loop

  • Contracting for Accountability
    • Translating assessment findings into audit rights, performance standards, sub-vendor controls, and integrated documentation

  • Standards Mapping & Executive Reporting
    • Using the same evidence to brief leadership and boards, mapped to NIST, ISO, and IEEE for defensibility and clarity

  • Governance & Defensibility Under Scrutiny
    • Vendor Risk Committee structures, minutes and attachments, privilege strategy, and showing decisions were reasonable at the time

  • Close: Key Takeaways
    • Rules, controls, proof, and the goal of eliminating the “how did you not know this” problem

  • Questions & Answers (as time permits)
Duration of this webinar: 60 minutes
Originally broadcast: November 25, 2025 10:00 AM PT
Webinar Highlights

This webinar is divided into section summaries, which you can scan for key points and then dive into the sections that interest you the most.

Introduction
Eran Kahana, an expert in AI, cybersecurity, and intellectual property law, is introduced as the speaker. Eran discusses his background and the growing interest in AI within the legal profession. He introduces a tool created with AI, which he will discuss during the presentation.
Cybersecurity Audits and CPPA Compliance
Eran emphasizes the practical application of his academic work at Stanford. He introduces Keystone Pro, a tool for CPPA compliance and cybersecurity assessments. Eran discusses the updated CPPA compliance requirements and their implications beyond California. He highlights the importance of cybersecurity audits for businesses handling consumer information. Eran stresses the inevitability of cybersecurity breaches and the need for preparation. He outlines the components of a cybersecurity audit, including multifactor authentication and encryption.
Risk Assessment and Management
Eran discusses the importance of understanding NIST standards for cybersecurity. He introduces the Keystone Pro form as a tool for CPPA compliance. The form includes a risk assessment summary for executives to understand risks clearly. Eran shares a story to illustrate the importance of preparedness in risk management. He emphasizes the need for systematic approaches to cybersecurity audits. Eran highlights the importance of documenting and understanding data residency and handling.
Vendor Assessments and Controls
Eran emphasizes the need for evidence-based compliance and structured vendor assessments. He highlights the role of standards like NIST and ISO in vendor assessments. He discusses the importance of realistic controls based on vendor criticality. Eran stresses the need for financial stability and governance in vendor evaluations. He outlines the collaborative nature of risk assessments involving various business teams.
Insurance and Continuous Monitoring
Eran discusses the importance of insurance and continuous monitoring in cybersecurity. He emphasizes the need for comprehensive risk assessments and governance analysis. Eran highlights the importance of encryption and data protection in risk assessments. He discusses the methodology for risk assessment, including weight, likelihood, and impact. He emphasizes the need for systematic compliance and audit rights in contracts.
Communication and Executive Engagement
Eran emphasizes the importance of communication and executive engagement in cybersecurity. He highlights the board-level significance of cybersecurity issues. Eran stresses the need for clear records and fact-based decision-making. He discusses the importance of maintaining privilege and using structured tools like Keystone Pro.

Please note this AI-generated summary provides a general overview of the webinar but may not capture all details, nuances, or the exact words of the speaker. For complete accuracy, please refer to the original webinar recording.

Speaker
Eran Kahana, Counsel & Fellow
Maslon LLP

Eran Kahana is an AI, cybersecurity, and intellectual property lawyer as well as a Fellow at Stanford Law School, a member of the Advisory Board of Stanford Law School’s Stanford Artificial Intelligence & Law Society, and an Adjunct Professor of Law at the University of Minnesota Law School.

Continuing Legal Education (CLE) Credits

*CLE credit is only available to Justia Connect Pros.

California CLE

Status: Approved

Credits: 1.00 General

Earn Credit Until: June 30, 2026

New Jersey CLE

Status: Approved

Credits: 1.20 General

Earn Credit Until: November 24, 2026

North Carolina CLE

Status: Approved

Credits: 1.00 General

Earn Credit Until: February 28, 2026

Texas CLE

Status: Approved

Credits: 1.00 General

Earn Credit Until: October 31, 2026


This presentation is approved for one hour of General CLE credit in California and North Carolina. This program has been approved by the Board on Continuing Legal Education of the Supreme Court of New Jersey for 1.20 hours of total CLE credit. This course has been approved for Minimum Continuing Legal Education credit by the State Bar of Texas Committee on MCLE in the amount of 1.00 credit hours.

Justia only reports attendance in jurisdictions in which a particular Justia CLE Webinar is officially accredited. Lawyers may need to self-submit their certificates for CLE credit in jurisdictions not listed above.

Note that CLE credit, including partial credit, cannot be earned outside of the relevant accreditation period. To earn credit for a course, a lawyer must watch the entire course within the relevant accreditation period. Lawyers who have viewed a presentation multiple times may not be able to claim credit in their jurisdiction more than once. Justia reserves the right, at its discretion, to grant an attendee partial or no credit, in accordance with viewing duration and other methods of verifying course completion.

At this time, Justia only offers CLE courses officially accredited in certain states. Lawyers may generate a generic attendance certificate to self-submit credit in their own jurisdiction, but Justia does not guarantee that lawyers will receive their desired CLE credit through the self-submission or reciprocity process.
