Michael Young

Michael advises and represents clients on complex privacy, AI and data protection issues. From pre-venture startups to some of the most recognizable brands in the world, whether strategic or transactional, Michael specializes in helping companies find answers that are right for them given their unique challenges.

Follow:

Understanding California Cyber Audit Requirements

By Michael Young on February 11, 2026

Posted in Cybersecurity

Under new regulations effective January 1, 2026, California regulators now expect businesses to conduct an annual “cybersecurity audit” that assesses “how the business’s cybersecurity program protects personal information from unauthorized access, destruction, use, modification, or disclosure; and protects against unauthorized activity resulting in the loss of availability of personal information.”

Now is the time to…

New CCPA Risk Assessment Requirements Now In Effect

By Michael Young & Beau Braswell on February 4, 2026

Posted in California Consumer Privacy Act

Under newly implemented regulations of the California Consumer Privacy Act (CCPA), California now requires a formal risk assessment “before initiating any processing activity” of certain (sensitive) sorts. The regulation explicitly contemplates that businesses will complete risk assessments now, in 2026.

Eventually, such risk assessments – including those completed this year – must be signed by…