Top 10 Action Items for 2021: The California Privacy Rights Act (CPRA)


How can your business prepare for The California Privacy Rights Act (CPRA) ramp-up in 2021? The CPRA is scheduled to become effective in January 2023. Preparations will occur over the next two years, including establishing the new California Privacy Protection Agency, which will take over rulemaking from the California Attorney General. With an impact on most medium to large businesses located in California or doing business in California, even companies that have already taken steps to comply with the CCPA will need to plan carefully for successful CPRA compliance.

Here are 10 essential steps that companies can consider taking now to prepare for the CPRA:

  1. Determine whether the CPRA applies to your organization.
  2. Advise senior management of coming changes to privacy law and impact on your organization.
  3. Designate a CPRA compliance team with an appointed team leader, schedule monthly check-ins and ensure CPRA compliance costs are built into this year's budgets.
  4. Determine if software development work is required and ensure software development teams update this year's development roadmap.
  5. Update your data map to include new CPRA-specific details, including sensitive personal information designations and data retention periods.
  6. Inventory your company contracts to determine contracts that will need to be updated for compliance with the CPRA.
  7. Identify privacy notices that will need to be updated.
  8. Watch out for updates on the timing of additional CPRA regulations.
  9. Review your company's current security posture and identify potential security enhancements to be implemented this year.
  10. Develop a CPRA compliance roadmap.

If you need help with your CPRA compliance roadmap, see our CPRA FAQ Guide or contact a member of Orrick's Cyber, Privacy and Data Innovation group. A comprehensive guide to the CPRA is forthcoming. To receive updates on the CPRA, and other developments related to global privacy and cybersecurity, please sign up here.