The Top 10 Most Impactful Provisions of the CPRA

Resource Center / Infographics / The Top 10 Most Impactful Provisions of the CPRA

The Top 10 Most Impactful Provisions of the CPRA

This resource gives a snapshot of the implications stemming from the CPRA being passed and entering into force.


Published: April 2020


View Infographic (PDF)

This resource outlines the most-impactful provisions of the California Privacy Rights Act ballot initiative, which passed Nov. 3, 2020. It provides a snapshot of the implications stemming from the CPRA being passed and entering into force January 2023. New provisions on sensitive data, the creation of an independent regulator and expanded breach liability are among the top impacts in play.

The Top 10 Most Impactful Provisions of the CPRA

1. Sensitive Data

New definition, limits on use and sharing, mandated link or respect of global opt-out.

2. New Enforcement Agency

California Privacy Protection Agency

3. Expanded Breach Liability

Definition now includes email/ password combinations

4. Audits and Risk Assessments

To be prescribed through regulation for high-risk processing

5. Automated Decision-Making and Profiling

Restrictions for certain industries

6. Data Correction

New consumer rights

7. Children’s Data

Strengthened opt-in for sale or sharing and enhanced penalties for violations

8. Data Retention

Necessity-based limitations

9. Employee Data

Expanded moratorium

10. Service Providers, Contractors, and Third Parties

New obligations and clarifications