High-risk artificial intelligence systems: duty to protect personal information.
The legislation imposes a duty on 'covered deployers'—defined as businesses that utilize high-risk AI systems—to maintain specific security protocols that protect user data from unauthorized access and breaches. This includes developing administrative, technical, and physical safeguards appropriate to the size and nature of the business. The security programs must also undergo regular assessments to address vulnerabilities and ensure compliance with legal standards. Such measures reinforce California's stance as a leader in data privacy and protection.
Senate Bill 468, introduced by Senator Becker, establishes a comprehensive framework for the protection of personal information processed by high-risk artificial intelligence systems in California. The bill builds upon existing legislation, specifically the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), which provide foundational rights for consumers regarding their personal data. SB468 requires businesses that deploy these high-risk AI systems to create and implement robust information security programs that safeguard personal information, aligning with state and federal regulations.
One notable point of contention regarding SB468 exists around the definition of 'high-risk artificial intelligence systems' and the practical implications for businesses that deploy such technology. Critics argue that the broad application of these definitions may lead to excessive regulatory burdens, particularly for smaller companies. Proponents, on the other hand, advocate for the necessity of stringent data protection measures given the increasing reliance on AI systems that handle sensitive personal information. The bill’s relationship to existing laws and potential overlaps may also raise concerns regarding its enforcement and regulatory clarity.