CCPA & CPRA Comparison



The California Privacy Rights and Enforcement Act (CPRA), which became effective on January 1, 2023, modifies multiple sections of the California Consumer Privacy Act (CCPA). The state believed the change was needed because US federal privacy laws did not provide sufficient protections or rights to consumers. Both California laws aim to protect consumers through data minimization, purpose limitation, storage limitation, accountability, transparency, and data accuracy.

It is important for financial services organizations to be familiar with the new requirements and how to comply with them to support the rights of California consumers and employees and avoid any potential violations, which could lead to civil money penalties. BAI constantly monitors regulatory updates, summarizes them, and provides organizations with actionable insights on what to prepare for. BAI has created a matrix outlining the CPRA and CCPA to highlight their similarities and differences. The matrix compares key elements of both laws, including:

  • Criteria
  • Covered Personal Information, Exclusions, and Third Parties
  • Consumer Rights
  • Organizational Requirements
  • Audit Requirements
  • Privacy Impact or Cyber Risk Assessment Requirements
  • Enforcement
  • Best Practices


To learn more about the key elements of the CPRA and CCPA, download our article: “CPRA and CCPA Requirements: How These Laws Will Impact Your Business.”