The California Privacy Rights Act (CPRA) will go into effect on January 1, 2023. The CPRA will amend existing provisions by creating new and expanded rights for California consumers and increasing obligations on businesses. It also establishes the California Privacy Protection Agency to implement and enforce the law.
How to Comply With CPRA?
To comply with the CPRA, you should follow both the above-mentioned CCPA and CPRA requirements. In particular, you should keep in mind the following aspects:
Perform personal data inventory to find out the type of information you collect, and if you collect sensitive personal information. Figure out the businesses you share data with, and what data is transferred to them.
Review your agreements with service providers, contractors, and third parties and ensure that they have adequate data privacy provisions according to the latest privacy requirements under the CPRA.
Update your Cookie Banner notices. You should disclose if you sell or share personal information, and provide the details of the service providers, contractors, and third-parties you share the data with. Disclose if you collect and process sensitive personal information, how and for what reasons you collect and process this information. Indicate how long you will keep each category of the personal information collected.
Add new opt-out links on your website. Add links ”Do not sell or share my personal information” and “Limit the use of my sensitive personal information” and display them on the website’s homepage. It is also recommended to add “a single, clearly-labeled link” that combines both above-mentioned links.
- Disclosures regarding personal information and sensitive personal information
- Disclosure of how to access, change, or delete personal information
- Method how to opt-out of selling or sharing personal information
- Consent notice for minors (13-16 years) and children under 13 years (consent from parents).
Provide a method to get consumers' requests. Under the CPRA, consumers have the right to be informed about their personal information collected. The CPRA requires businesses to have at least two methods for consumers to submit such requests. You can create web request forms, provide a phone number, or e-mail for the consumer to make requests. Ensure that these request methods are easily accessible and displayed on your website or privacy page.
Read the complete guide to California Privacy Rights Act (CPRA).