Corporate Compliance Insights
CCPA 2.0 is Here. What the CPRA Means for You.

Update to California's Landmark Data Privacy Act Strengthens and Complements Existing Regulations

by Jim Wetekamp
March 11, 2021
in Data Privacy, Featured

California’s CPRA bolsters its landmark data privacy law, the CCPA. Set to take effect in two years’ time, the update contains important clarifications on various definitions, minors’ data and the collection and use of personal information.

California’s new Consumer Privacy Rights Act of 2020 (CPRA) is here. The law is an expansion of the California Consumer Privacy Act (CCPA), which is designed to strengthen data privacy protections and more closely match Europe’s stringent General Data Protection Regulation (GDPR).

These tighter policies, the majority of which go into effect January 1, 2023, add to an already complex regulatory landscape. With data protection regulations only expected to grow in size and scope in the coming years, you’ll want to fine-tune your approach now to stay on top of evolving mandates.

What Is the CPRA?

The CPRA is designed to strengthen and clarify the privacy requirements of last year’s CCPA. Some of the most noteworthy provisions of the CPRA include:

  • A new “sensitive personal information” category. This covers race and ethnicity, driver’s licenses, social security numbers, login credentials, biometric information, precise geolocation data and more.
  • Consumers’ right to rectification of data. This limits disclosure of sensitive personal information. It complements protections instituted by the CCPA, such as the right to know, access, delete and opt out of data collection, along with the right to nondiscrimination.
  • Automatic fines of $7,500 for violations involving minors. This separates out violations involving the personal information of children under the age of 16 from other types of violations and imposes the maximum fine – whether or not the violation was intentional.
  • New rules on data collection and usage. This means that companies can only collect data they reasonably need to provide goods and services.
  • A new mandate for annual audits and risk assessments. This is required if data processing presents risk to consumer privacy or security.
  • Expanded definition of “sell.” The term sell has been broadened to include “sell or share.” The new definition includes a business sharing data with a third party for the benefit of the business with or without the exchange of money.

The CPRA also adds muscle to the CCPA by creating a new government agency – the California Privacy Protection Agency – dedicated to handling enforcement and compliance with the new regulations. Moving enforcement away from the attorney general means there will likely be even greater scrutiny. The CPRA also eliminates the CCPA’s 30-day period to cure violations, so it’s even more important to get it right the first time.

How to Become CPRA Compliant

Your roadmap to CPRA compliance depends on the specific information you’re collecting, your processing methods and the security and privacy procedures already in place. If you have taken steps to comply with the CCPA, you’re off to a good start with CPRA compliance, but there are still several considerations, regardless of where you are in your journey:

  1. Take a close look at existing privacy practices and policies. Assess your current procedures and safeguards, especially if you haven’t yet complied with the CCPA. If you did make changes to comply with the CCPA, make sure sensitive personal information has been considered. Also, determine if any changes need to be made to how you’re obtaining consent for processing sensitive data. Do you need to incorporate any additional opt-out functionality?
  2. Create a centralized repository of all data within scope. Inventory all the information your organization possesses that could be within the scope of the CPRA. Why is it being collected, and which consumer profiles, vendors, third parties and service providers are involved? Having this data all in one place makes it easier to classify and take subsequent steps for compliance.
  3. Don’t forget about your vendors. Third parties also have obligations under the CPRA. Your compliance depends on their compliance. Review your existing contracts and templates to ensure the terms reflect vendor obligations under the legislation.
  4. Train your team. Everyone within the company should understand what they need to do to maintain CPRA compliance. Also understand how people within the organization are addressing their specific obligations, what data they’re processing and how they’re handling the information.
  5. Make your activities reportable. If a regulator comes knocking, you want to be confident about what your organization is doing to adhere to CPRA mandates. Record, track and centralize all privacy activities so the information necessary to prove your compliance is right at your fingertips.
  6. Streamline with technology. The right tools can help risk and compliance teams simultaneously manage and enforce many mandates – CCPA, HIPAA, GDPR as well as the CPRA. In addition to performing risk and readiness assessments, using technology to develop questionnaires for data privacy impact analysis (DPIA) speeds up the process and shows you which processes are important for compliance.

The Data Privacy Movement

Privacy laws are picking up steam across the U.S. In 2019, New York passed the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which created more data security requirements for companies that collect information on New York residents. Washington has proposed the Washington Privacy Act, which would grant consumers the right to access, transfer, correct and delete the data companies hold on them. Meantime, the prospect of federal legislation is increasing.

If this activity is any indication, we’re likely to see much more in the way of data privacy regulations. Take steps now to put the policies, processes and technology in place to comply with the CPRA – and provide a solid foundation to keep up with any future requirements in this rapidly changing world of data privacy. The right tools, mindset, best practices and processes will ensure your organization is set up for long-term success.


Tags: California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA)

Jim Wetekamp is the CEO of Riskonnect, a leading provider of integrated risk management software. Jim is a recognized expert on enterprise risk, supply chain, and third-party risk management.
