Skip to content

The CCPA’s core requirements can be grouped broadly into three categories: (1) rights owed by businesses to Californians concerning their personal data, (2) data security breach risks and obligations, and (3) vendor management.

The CPRA expanded the scope of the first category – i.e., the rights conferred upon Californians concerning their personal data. Under the CPRA, Californians will have the right to fix errors concerning their personal information, to opt out of behavioral advertising, to object to the use of sensitive information, and to object to automated decision making and profiling.   In addition, the CPRA created two additional categories of core requirements: (1) the ability to process and retain data, which requires a company to have a record retention policy and minimize data collected, and (2) business accountability and governance, in which companies will be required to conduct security risk assessments and privacy risk assessments and appoint an employee responsible for privacy compliance.

The following chart compares the main obligations imposed by the CPRA to those that had been imposed by the CCPA:

This chart compares the main obligations imposed by the CPRA to those that had been imposed by the CCPA.

Tags: CCPA, CCPA Regulations, CPRA
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jena M. Valdetero Jena M. Valdetero

Jena M. Valdetero serves as Co-Chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice where she advises clients on complex data privacy and security issues. She has led more than 1,000 data breach investigations. A litigator by background, Jena defends companies against…

Jena M. Valdetero serves as Co-Chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice where she advises clients on complex data privacy and security issues. She has led more than 1,000 data breach investigations. A litigator by background, Jena defends companies against privacy and data breach litigation, with an emphasis on class action lawsuits. She has designed and conducted dozens of data breach tabletop exercises to empower clients to respond effectively to a data security incident. She also counsels companies on data privacy and security compliance programs and advises on privacy and cyber risks associated with mergers and acquisitions, venture capital, and securities. Jena also advises a diverse array of clients on compliance with existing and emerging privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Gramm Leach Bliley Act (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA). She is a certified privacy professional through the International Association of Privacy Professionals (CIPP/US), for which she is a former KnowledgeNet Co-Chair.

Read more about Jena M. ValdeteroJena's Linkedin Profile
Show more Show less
Photo of David A. Zetoony David A. Zetoony

David Zetoony, Co-Chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice, focuses on helping businesses navigate data privacy and cyber security laws from a practical standpoint. David has helped hundreds of companies establish and maintain ongoing privacy and security programs, and he

David Zetoony, Co-Chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice, focuses on helping businesses navigate data privacy and cyber security laws from a practical standpoint. David has helped hundreds of companies establish and maintain ongoing privacy and security programs, and he has defended corporate privacy and security practices in investigations initiated by the Federal Trade Commission, and other data privacy and security regulatory agencies around the world, as well as in class action litigation.

Read more about David A. ZetoonyDavid A.'s Linkedin Profile
Show more Show less
Related Posts
legal legal technology gavel concept
California Appeals Court Reinstates CPPA’s Ability to Enforce CPRA Regulations—Effective Immediately
February 9, 2024
shutterstock_1433345729
How do state privacy statutes differ in their definitions of 'targeted advertising'?
September 12, 2023
Binary code background vector illustration, blockchain and legal, made of triangle shape, crushing and fading in the dark-shutterstock_1299146458
How do state statutes differ in terms of their ‘targeted advertising’ exemptions?
September 12, 2023