Proactive management of data privacy compliance to handle strict CPRA requirements
CCPA | CPRA | |
---|---|---|
Rights |
|
|
Who must comply? |
|
|
Links | Websites must have “Do not sell my personal information” link | Websites must have “Do not sell my personal information” link, and “Limit the use of my personal information” link |
Enforcement | California Attorney General | California Attorney General & California Privacy Protection Agency |
Sensitive PI | Subcategory of Personal Information that includes sensitive data such as social security, driver’s license, state identification card, or passport number | |
Data Minimization | Personal information that is collected shall be reasonable and necessary for a business purpose | |
Risk Assessments | Organizations must conduct risk assessments with respect to their processing and collection of personal information | |
Limited Storage | Reasonable length of time a business intends to retain each category of personal information, including sensitive personal information | |
Minors | Organizations must notify minors under 16 years of age if they intend to sell or share their personal data | |
Cure Period (Fines) | 30-day cure period after receiving notice from the Attorney General before it takes further enforcement measures | 30-day cure period is removed |
Minor Fines | Automatic $7,500 fine per violation involving the personal information of minors. |