California Privacy Rights Act (CPRA) and Key Compliance Requirements

The California Privacy Rights Act (CPRA) passed by voters in 2020 comes into effect on January 1, 2023. It is considered to be an amendment to the California Consumer Privacy Act (CCPA). In this webinar, we will discuss the key changes to California’s landmark CCPA that included in the CPRA and what businesses have to do to comply with the law.

We will discuss the differences between the CPPA and the CPRA, which adds some consumer rights in California. All of the consumer rights extended by both the CCPA and the CPRA will be delineated and explained. The CPRA also defines what is meant by a business, service provider, contractor, and third party.

Further, it defines what is meant by the sale of personal information, the sharing of personal information, and sensitive personal information.

We will also discuss the thresholds required for the CPRA to be applicable to a company, and if it does apply, how a company can prepare by making any necessary policy or procedural changes in order to comply.

The California Consumer Privacy Act (CCPA) was enacted into law on June 28, 2018 and became effective on January 1, 2020. CCPA provided a variety of consumer privacy rights and the obligations of business related to their storage and sale of personal information. Voters in California voted to approve Proposition 24, a ballot measure, on November 3, 2020, which created the California Privacy Rights Act (CPRA). The purpose of CPRA was to modify and expand the requirements of the CCPA, thus amending the original act. CPRA is commonly referred to as “CCPA 2.0.”

CPRA ends the ban on providing the CCPA’s consumer privacy rights to a company’s employees. Under CPRA, all employers must respond to requests from employees to access or correct their personal data. Enforcement of CPRA will become effective in July 2023, enabling companies six months to ramp up their efforts to comply with it.

CPRA also extends new protections to consumers residing in California. Those organizations doing business with these consumers are subject, based on defined threshold of operation, to the compliance requirements.

Any company that does business in the state of California must understand the rules that would force them to comply with both the CCPA and the CPRA amendment to it. Knowing whether these apply to your company is critical in order to fully prepare and be in compliance by July 2023, as any company doing business in California and meeting the thresholds described must comply by that date. This may mean a change to existing policies and procedures, and creating any necessary mechanisms for handling personal information of California residents in compliance with the rule.

It is important to know whether CPPA and CPRA apply to your company, what obligations you may have imposed on your company as a result, and what you must do to comply with these.

• The California Privacy Rights Act (CPRA)
• The California Privacy Protection Act (CPPA)
• New consumer rights extended to those residing in California through the amended CPPA, or CPRA
• Enforcement obligations for the CPPA and CPRA
• The California Privacy Protection Agency, newly created as part of the CPPA
• Delineation by thresholds of which companies operating in California are obligated to comply
• Specific obligations of companies that are subject to CPPA and CPRA
• Actions companies may take to ensure compliance with the CPPA and CPRA
• Definitions of sale, sharing, and related terms intended to describe actions by a company related to a consumer’s personal information
• Privacy policies and procedures to be considered by companies obligated to comply
• Actions consumers may take in a case where a company misuses their personal information or otherwise fails to comply with CPPA and/or CPRA

• Key definitions of terms related to data privacy and the CCPA and CPRA
• Key differences between the CCPA and CPRA, including new consumer rights extended through the CPRA
• Key aspects of the CPPA and CPRA that describe or characterize companies that must comply
• Key obligations of companies obligated by the CPPA and CPRA
• Key rights of consumers based on the CPPA and CPRA
• Enforcement of the CPPA and CPRA

This webinar will provide valuable insights to:

• CISOs, CIOs, CTOs 
• Computer Information Security Professionals
• Computer Information Security Directors and Managers
• Professionals responsible for data management and governance
• Professionals responsible for data integrity
• Legal Professionals, Privacy and Compliance Professionals
• Human Resource Professionals, Managers of Internal Audit
• Resources engaged in Internal Audit
• Professionals and Consultants engaged in Data Privacy and Security
• Cybersecurity Professionals and Consultants
• Risk Management Professionals and Consultants