Keeping Up with California Privacy Laws: CCPA vs CPRA

Effective January 1, 2023, California Privacy Rights Act (CPRA) effectively replaces the CCPA. It impacts many organizations that do business in California.

Let’s see what has changed:




Data Categories

“Sensitive Personal Information” receives special protections.

Selling Personal Information

Opt-Out Rights

Expands to include info sharing with advertisers.

Limited to “Existing Systems”


Full deletion, including with shared third parties.


Cybersecurity Audits

Annual, enforced by new California Privacy Protection Agency.

Businesses with >50,000 customers.

Size Threshold

Businesses with >100,000 customers.

Limited to name + private personal info (e.g., SSN, credit card number, health information).

Private Right of Action

Expands to include email address & passwords that permit access to accounts.

Accountability and control.


Expands to include purpose limitation, storage minimization, and data minimization.

VENZA can help you stay compliant with vendor security assessments, privacy management solutions, and notification process design services.

For more information or to get started with VENZA today, contact

Fill out the form below to download your copy of this guide.