The California Privacy Rights Act (CPRA) is going on the November ballot and, if passed, will bring California data protection law closer to the European Union’s General Data Protection Reguation (GDPR), implementing concepts such as:

  • data minimization
  • retention limitation
  • sensitive information limitation
  • data protection risk assessments; and
  • strong buttoning down of downstream service providers

This means more compliance work for companies subject to CCPA. Even companies that are already subject to GDPR will have compliance work to do.

More details in this Wall Street Journal story about CCPA, CPRA and what companies should do to prepare,  in which I am quoted by journalist David Uberti.