Summary of CPRA Contractual Obligations
This chart provides a summary of the CPRA's contractual requirements.
Published:
Contributors:
Caitlin Fennessy
CIPP/US
Vice President and Chief Knowledge Officer
IAPP
The California Privacy Rights Act aims to provide a continuing level of protection for personal information as it flows from covered businesses to third parties, service providers, contractors, and even their sub-processors.
- Outlining new contractual requirements to govern the sale, sharing, disclosure and receipt of personal information.
- Placing direct enforceable obligations on service providers and contractors.
- Mandating due diligence of processing operations.
This resource provides a summary of the CPRA's contractual requirements.
Summary of CPRA Contractual Requirements
This section provides a summary of CPRA Contractual Requirements for Section 1798.100(d)(1-5).
- Specifies PI sold or disclosed for limited purposes.
- Requires compliance with CPRA obligations.
- Requires provision of CPRA-level of privacy protection.
- Requires notification to the business if can no longer meet CPRA obligations.
- Grants business right to “reasonable and appropriate steps” to stop and remediate unauthorized PI use upon notification above.
- Grants business rights to “reasonable and appropriate” steps to help ensure PI use is consistent with the business’s CPRA obligations.
- Specifies PI sold or disclosed for limited purposes.
- Requires compliance with CPRA obligations.
- Requires provision of CPRA-level of privacy protection.
- Requires notification to the business if can no longer meet CPRA obligations.
- Grants business right to “reasonable and appropriate steps” to stop and remediate unauthorized PI use upon notification above.
- Grants business rights to “reasonable and appropriate” steps to help ensure PI use is consistent with the business’s CPRA obligations.
- Specifies PI sold or disclosed for limited purposes.
- Requires compliance with CPRA obligations.
- Requires provision of CPRA-level of privacy protection.
- Requires notification to the business if can no longer meet CPRA obligations.
- Grants business right to “reasonable and appropriate steps” to stop and remediate unauthorized PI use upon notification above.
- Grants business rights to “reasonable and appropriate” steps to help ensure PI use is consistent with the business’s CPRA obligations.
This section provides a summary of CPRA Contractual Requirements for Sections 1798.140(ag) (“Service provider”) and 1798.140(j) (“Contractor”).
- Specifies PI sold or disclosed for limited purposes.
- Requires compliance with CPRA obligations.
- Requires provision of CPRA-level of privacy protection.
- Requires notification to the business if can no longer meet CPRA obligations.
- Grants business right to “reasonable and appropriate steps” to stop and remediate unauthorized PI use upon notification above.
- Grants business rights to “reasonable and appropriate” steps to help ensure PI use is consistent with the business’s CPRA obligations.
- Specifies PI sold or disclosed for limited purposes.
- Requires compliance with CPRA obligations.
- Requires provision of CPRA-level of privacy protection.
- Requires notification to the business if can no longer meet CPRA obligations.
- Grants business right to “reasonable and appropriate steps” to stop and remediate unauthorized PI use upon notification above.
- Grants business rights to “reasonable and appropriate” steps to help ensure PI use is consistent with the business’s CPRA obligations.
- Specifies PI sold or disclosed for limited purposes.
- Requires compliance with CPRA obligations.
- Requires provision of CPRA-level of privacy protection.
- Requires notification to the business if can no longer meet CPRA obligations.
- Grants business right to “reasonable and appropriate steps” to stop and remediate unauthorized PI use upon notification above.
- Grants business rights to “reasonable and appropriate” steps to help ensure PI use is consistent with the business’s CPRA obligations.
This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.
Submit for CPEsContributors:
Caitlin Fennessy
CIPP/US
Vice President and Chief Knowledge Officer
IAPP
Tags:
