Keeping Up with California Privacy Laws: CCPA vs CPRA
Effective January 1, 2023, California Privacy Rights Act (CPRA) effectively replaces the CCPA. It impacts many organizations that do business in California.
Let’s see what has changed:
CCPA – BEFORE
CPRA – AFTER
None
Data Categories
“Sensitive Personal Information” receives special protections.
Selling Personal Information
Opt-Out Rights
Expands to include info sharing with advertisers.
Limited to “Existing Systems”
Right-to-Delete
Full deletion, including with shared third parties.
None
Cybersecurity Audits
Annual, enforced by new California Privacy Protection Agency.
Businesses with >50,000 customers.
Size Threshold
Businesses with >100,000 customers.
Limited to name + private personal info (e.g., SSN, credit card number, health information).
Private Right of Action
Expands to include email address & passwords that permit access to accounts.
Accountability and control.
Principles
Expands to include purpose limitation, storage minimization, and data minimization.
VENZA can help you stay compliant with vendor security assessments, privacy management solutions, and notification process design services.
For more information or to get started with VENZA today, contact sales@venzagroup.com
Fill out the form below to download your copy of this guide.