Resource Center / Infographics / The Top 10 Most Impactful Provisions of the CPRA
The Top 10 Most Impactful Provisions of the CPRA
This resource gives a snapshot of the implications stemming from the CPRA being passed and entering into force.
Published: April 2020
This resource outlines the most-impactful provisions of the California Privacy Rights Act ballot initiative, which passed Nov. 3, 2020. It provides a snapshot of the implications stemming from the CPRA being passed and entering into force January 2023. New provisions on sensitive data, the creation of an independent regulator and expanded breach liability are among the top impacts in play.
The Top 10 Most Impactful Provisions of the CPRA
1. Sensitive Data
New definition, limits on use and sharing, mandated link or respect of global opt-out.
2. New Enforcement Agency
California Privacy Protection Agency
3. Expanded Breach Liability
Definition now includes email/ password combinations
4. Audits and Risk Assessments
To be prescribed through regulation for high-risk processing
5. Automated Decision-Making and Profiling
Restrictions for certain industries
6. Data Correction
New consumer rights
7. Children’s Data
Strengthened opt-in for sale or sharing and enhanced penalties for violations
8. Data Retention
Necessity-based limitations
9. Employee Data
Expanded moratorium
10. Service Providers, Contractors, and Third Parties
New obligations and clarifications