CPRA

TECHNICAL DEFINITION

The California Privacy Rights Act (CPRA) is a comprehensive data privacy law in California, enacted as Proposition 24 in 2020, which significantly expands and amends the California Consumer Privacy Act (CCPA) by granting consumers enhanced rights over their personal data, including data correction and limiting sensitive data use, and establishing the California Privacy Protection Agency (CPPA) for enforcement.

BACKGROUND

Privacy laws vary from state to state within the United States of America. Several states have recently passed new legislation that adapt to changes in cyber security laws, medical privacy laws, and other privacy related laws. State laws are typically extensions of existing United States federal laws, expanding them or changing the implementation of the law.

SYNONYMS & ALIASES

• California Privacy Rights Act
• CCPA 2.0
• Prop 24
• California privacy law

USAGE NOTE

Businesses operating in California or processing California residents' data must comply with CPRA, often requiring significant changes to data handling practices, privacy policies, and security measures.

DEVELOPERS

Organizations developing technology related to CPRA.

• OneTrust

  OneTrust provides a comprehensive privacy management software platform that helps organizations operationalize compliance with global privacy regulations, including CPRA, through solutions for consent, preference management, data mapping, and data subject access requests (DSARs).

• TrustArc

  TrustArc offers a privacy management platform that includes tools for privacy program management, data inventory, risk assessments, and compliance with various global regulations like CPRA, helping companies build and maintain privacy programs.

• BigID

  BigID specializes in data discovery, classification, and privacy management solutions, enabling organizations to identify, understand, and protect sensitive and personal data across their environments, which is crucial for CPRA compliance.

• WireWheel

  WireWheel provides a privacy management and automation platform designed to help organizations manage data subject access requests (DSARs), conduct data protection impact assessments, and maintain compliance with privacy regulations such as CPRA.

• Securiti AI

  Securiti AI offers an AI-powered platform for data privacy, security, and governance, automating CPRA compliance tasks such as data discovery, consent management, DSAR fulfillment, and data risk assessments.

• Osano

  Osano provides a platform for consent management and data privacy that helps businesses comply with global privacy laws, including CPRA, by managing cookie consent, handling data subject requests, and maintaining privacy policies.

• Privacera

  Privacera offers a data security and governance platform that helps enterprises enforce fine-grained access control and privacy policies across their data estates, ensuring compliance with regulations like CPRA, especially in cloud and big data environments.

• Ethyca

  Ethyca focuses on privacy engineering automation, developing tools and APIs that enable companies to embed privacy-by-design principles into their software and data pipelines, streamlining compliance with regulations like CPRA.