top of page

New Legislation: The California Privacy Rights Act (CPRA)

What is the California Privacy Rights Act?

The California Privacy Rights Act (CPRA) is a new law that went into effect on January 1st, 2023. While the CPRA is new legislation, it acts as an overlay to the 2020 California Consumer Privacy Act (CCPA).

The CCPA was frequently criticized for a lack of enforcement, consumer rights, and vague expectations so the CPRA is an addendum to improve on the groundwork of the CCPA.

CPRA is one of the strongest Data Privacy Legislation in the United States to date. It compares to the General Data Protection Regulation (GDPR) in the EU, which you can also read more about below.

How is the CPRA different from the CCPA?

The CPRA covers consumers living in California and applies to organizations doing business in California or organizations with employees or contractors in the state that meet certain criteria. This also means that CPRA is enforceable across state lines.

Sensitive Personal Information

One of the changes of CPRA is the creation of Sensitive Personal Information (SPI). This applies to a resident's:

  • Financial information

  • Social security number & driver's license number