CPRA Could Bring Stricter Data Privacy Enforcement: Here’s How To Prepare
California’s passage of the California Privacy Rights Act (CPRA) on November 3 builds upon the California Consumer Privacy Act (CCPA). The EU’s privacy regulation, GDPR, is the gold standard in terms of data privacy laws, and CPRA gets closer to that standard by reflecting society’s increased desire for data privacy. Additionally, CPRA gives consumers even greater control over and access to personal data collected by companies than what CCPA did.
For covered entities, this may feel like a regulatory “one-two punch” because CCPA was just signed into law in January, with enforcement commencing in July. The good news for businesses is that CPRA will not go into effect until 2023, which gives businesses time to institute the necessary infrastructure to comply. While CPRA has many facets that must be examined, as explained by IAPP in May, I believe there are three areas of the new law that bring significant challenges as they relate to data protection:
• Creation of the California Privacy Protection Agency (CalPPA).
• Creation of the sensitive personal information category.
• Expanded consumer rights and data controller compliance.
Join our newsletter
Schedule a Demo with the Baffle team
Meet with Baffle team to ask questions and find out how Baffle can protect your sensitive data.
Easy
No application code modification required
Fast
Deploy in hours not weeks
Comprehensive
One solution for masking, tokenization, and encryption
Secure
AES cryptographic protection
Flexible
No impact to user experience