The November 2020 election left a lot of questions. Among them, companies doing business in California are now asking about compliance with yet another California data privacy law, this time the California Privacy Rights and Enforcement Act of 2020 (the “CPRA”). This article gives an overview addressing the what, when, and how of the CPRA. (We won’t hazard a guess as to the why—we leave that to the backers of the new law.)
What is the CPRA?
The CPRA builds on the California Consumer Privacy Act of 2018 (the “CCPA”) in a number of key ways. It includes: new consumer rights, new requirements for businesses, and a number of other miscellaneous changes. Some parts of the CCPA will remain in effect, and others are rephrased or clarified. We provide below a high-level overview of topics we believe businesses should be thinking about now as they look ahead to building-out their CPRA compliance programs.