The California Consumer Privacy Act (CCPA) was amended, effective January 1, 2023, by the California Privacy Rights Act (CPRA). This change gives California consumers additional enhanced controls over their personal data if a company meets a single CPRA criterion.
The criteria are:
Enforcement of CCPA/CPRA is not bound by geography; instead, the law protects the personal data of California residents regardless of physical location.
The SureShield platform simplifies CPRA, formerly, CCPA compliance by automating technical
controls and guiding you through operational controls. SureShield’s automation will reduce your
overall compliance cost by up to 70% when compared to traditional, labor-intensive compliance
methods. For organizations requiring compliance to multiple frameworks, crosswalk automation
drives cost savings up toward 90%.
Making data practices public and giving consumers the opportunity to make privacy requests earn trust and goodwill.
Smaller businesses can use CCPA/CPRA compliance to signal they’re competitive with anyone.
Successful CCPA/CPRA compliance today will greatly reduce future effort required when other states pass their compliance laws.
CCPA/CPRA is strongly influenced by the EU’s primary data privacy regulation, GDPR. The rights of individuals to control their data are highly protected under both frameworks. Once significant difference: Under CCPA/CPRA, data may be collected until the consumer opts out, whereas, under GDPR, no data may be collected until the consumer opts in.
Consumers have the right to delete the information businesses acquire and refuse the sale of their data without repercussions. Organizations that collect PII are required to implement and maintain reasonable data security practices and procedures. Sanctions and other remedies can be imposed for violations, regardless of whether there was intent.
Organizations required to comply with CCPA/CPRA must have websites that include:
The CPPA is actively working on several sets of proposed regulations:
Enforcement Advisory on Data Minimization:
Activate CCPA/CPRA framework
Install scanner for compliance evidence gathering
Review baseline evidence to score compliance control status
Close compliance gaps
Ongoing compliance and gap surveillance
Enforced maintenance of compliance readiness
Do you need help assessing your compliance readiness? Learn how our automated crosswalk technology will dramatically reduce your labor requirements. Schedule your free consulting session, up to 1 hour.