Skip to content

CPRA Could Bring Stricter Data Privacy Enforcement: Here’s How To Prepare


California’s passage of the California Privacy Rights Act (CPRA) on November 3 builds upon the California Consumer Privacy Act (CCPA). The EU’s privacy regulation, GDPR, is the gold standard in terms of data privacy laws, and CPRA gets closer to that standard by reflecting society’s increased desire for data privacy. Additionally, CPRA gives consumers even greater control over and access to personal data collected by companies than what CCPA did.

For covered entities, this may feel like a regulatory “one-two punch” because CCPA was just signed into law in January, with enforcement commencing in July. The good news for businesses is that CPRA will not go into effect until 2023, which gives businesses time to institute the necessary infrastructure to comply. While CPRA has many facets that must be examined, as explained by IAPP in May, I believe there are three areas of the new law that bring significant challenges as they relate to data protection:

• Creation of the California Privacy Protection Agency (CalPPA).

• Creation of the sensitive personal information category.

• Expanded consumer rights and data controller compliance.


(Link to the Article)

Join our newsletter

Schedule a Demo with the Baffle team

Meet with Baffle team to ask questions and find out how Baffle can protect your sensitive data.


No application code modification required


Deploy in hours not weeks


One solution for masking, tokenization, and encryption


AES cryptographic protection


No impact to user experience