California Privacy Rights Act

What is means for your organization

Orson Lucas

Orson Lucas

Principal, Advisory, Cyber Security Services, KPMG US

+1 704-502-1067

In November 2020, California voters approved the California Privacy Rights Act (CPRA) which strengthened  provisions of the existing California Consumer Privacy Act (CCPA) and provided for the creation of a  dedicated, well-staffed enforcement agency. The changes, which are effective on January 1, 2023, bring  California’s privacy regulations closer to the consumer protections afforded by the European General Data  Protection Regulation (GDPR), which has been in force for companies doing business in Europe since 2018.

CPRA also establishes a new consumer data privacy agency, which is poised to be the only privacy-focused  regulatory authority in the United States. As part of its ability to collect a part of the fines and settlements it  collects from companies that break the law, this agency will be equipped with a large annual budget which  will increase commensurate with its level of enforcement. With recent changes to the political landscape  in the United States, CPRA may also provide a blueprint for Congress to pass potential forthcoming Federal  privacy legislation.

Get the latest updates from KPMG Cyber Security Services.