Not specifically. While the CPRA will require businesses whose processing poses a “significant risk” to consumers’ privacy or security to conduct an annual risk assessment and submit it to the newly-created California Privacy Protection Agency, the CPRA does not require that businesses appoint a “Chief Privacy Officer” or similar individual responsible for compliance with the
The CCPA’s core requirements can be grouped broadly into three categories: (1) rights owed by businesses to Californians concerning their personal data, (2) data security breach risks and obligations, and (3) vendor management.
The CPRA expanded the scope of the first category – i.e., the rights conferred upon Californians concerning their personal data. Under the
Likely no. While the CCPA provides for statutory damages if certain personal information is exposed in a data breach due to a business’s failure to have reasonable and appropriate security in place, the CPRA goes a step further. The CPRA requires the California government to issue regulations requiring businesses whose processing of consumers’ personal information
The CCPA provides California residents with the right to know what personal information businesses are collecting about them, the right to request deletion, and the right to opt out of the sale of their personal information
The CPRA goes a step further and grants additional rights. These rights include the right to (a) fix errors