Providing Clarity For A Regulatory Framework

With Wide-Ranging Compliance Obligations

On November 3, 2020, Californians voted to approve Proposition 24, a proposal to adopt the California Privacy Rights Act (CPRA). As we discussed in relation to the CCPA, the CPRA has come about because of California’s unique ability for citizens to get laws enacted without going through the legislature. Unlike the CCPA, which started as a proposition that was then scuttled based on the legislatures’ promises to pass a similar law, the CPRA pursued the proposition process to completion and is now in effect as of January 2023. 

Both the CCPA and the CPRA were spearheaded by Californians for Consumer Privacy, founded by Alastair Mactaggart. Mactaggart was not satisfied with the final form the CCPA took and therefore pursued the proposition process once again, and this time to finality, which resulted in the CPRA, a more restrictive regulatory regime than the CCPA in several significant aspects.

Though the CPRA technically amends the CCPA, it significantly expands the compliance obligations imposed on businesses that fall within the scope of the law. With our legal practice focused on CCPA compliance and helping clients avoid related enforcement action, such as the one pursued against Sephora, we now also provide clarity to clients on the CPRA as part of their broader data privacy and protection compliance programs. 

CPRA Law Services We Offer

 CPRA Compliant Privacy Policies

 Compliance With Consumer Rights

  Data Sale/Sharing Analysis

Sensitive Personal Information Analysis

Risk Assessments

Cybersecurity Audits

Opt-Out/Opt-In Compliance

CPRA Compliance Programs

Data Mapping

Sectors We Serve


Financial Services


Healthcare & Life Sciences



CPRA Lawyer

“[California] has allocated a baseline budget of $10 million to ensure that its privacy-rights enforcement has teeth, intentionally matching the amount the Federal Trade Commission spends to regulate privacy for the entire country.

– Rick Arney, a co-author of the California Consumer Privacy Act

Find Out About How We Can Help You Navigate The CPRA

    CPRA News



    CPPA Publishes Draft of CPRA Regulations Re: Cybersecurity Audits & Risk Assessments

    The California Privacy Protection Agency Board scheduled an open meeting 8 Sept. that will include subcommittee discussion on draft California Privacy Rights Act regulations for cybersecurity audits and risk assessments.


    Court decision pushes CPRA regulations enforcement to March 2024

    A last-minute decision from the Sacramento County Superior Court 30 June on a complaint filed by the California Chamber of Commerce pushed enforcement of CPRA regulations from 1 July to 29 March 2024.


    CPPA anticipates final CPRA regulations will be effective by April

    During a Dec. 16 board meeting, CPPA Executive Director Ashkan Soltani said the final rules will likely be released in late January. Under that timeline, with a 30-day review by the California Office of Administrative Law, the regulations would take effect around April.


    Our Insights