The California Privacy Rights Act (CPRA) is a California state law that was passed in November 2020 and went into effect on January 1, 2023. It builds upon the California Consumer Privacy Act (CCPA), which was enacted in 2018, and provides additional protections for California residents' personal information.
The CPRA expands upon the rights of California residents to control their personal information, including the right to know what personal information is being collected about them, the right to request that their personal information be deleted, and the right to opt out of the sale of their personal information. Additionally, the CPRA introduces new rights, such as the right to correct inaccurate personal information and the right to limit the use of sensitive personal information, such as precise geolocation data or personal information about a consumer's race or ethnicity.
The CPRA also includes new requirements for businesses, such as the requirement to appoint a data protection officer and the requirement to conduct regular data protection assessments. Businesses will also be required to disclose more information about their data collection and sharing practices, and to provide consumers with more detailed information about their rights under the law.
One of the main goals of the CPRA is to give California residents more control over their personal information, and to hold businesses accountable for protecting this information. The law is designed to provide a baseline of protection for all California residents, regardless of the type of business they interact with or the type of personal information they share.
As per the California Attorney General's website, the California Privacy Rights Act (CPRA) amends the California Consumer Privacy Act (CCPA) and gives Californians additional rights and protections, such as:
- The right to opt-out of the “sale” of personal information.
- The right to request that a business delete personal information about the consumer that the business has collected.
- The right to request that a business disclose the categories of personal information it has collected, used, disclosed, and sold about the consumer in the preceding 12 months.
- The right to request that a business disclose the categories of third parties with whom the business has shared personal information about the consumer in the preceding 12 months.
- The right to request that a business disclose the specific pieces of personal information it has collected about the consumer.
- The right to request that a business not sell the consumer’s personal information.
- The right to not be discriminated against for exercising any of the consumer’s rights under the CPRA.
You can find more information on CPRA on the official website of the California attorney general: https://oag.ca.gov and for the reference document : https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201920200AB-1202.
How Does CPRA apply to my business?
All businesses should be asking the following questions:
- Does CPRA apply?
- What would it take to allow deletion of personal information?
- Am I safe from liability?
If you need additional help complying with CPRA, contact us. Our team can help your business comply with CPRA.
