The California Privacy Rights Act (CPRA) makes a variety of amendments to the requirements in the California Consumer Privacy Act (CCPA). It expands on the CCPA by increasing consumer and employee rights and strengthening privacy protections. The OneTrust platform enables organizations to demonstrate accountability for CPRA requirements and strengthen company culture to prioritize data privacy.
Automate the discovery and categorization of personal information along with the deployment of controls that apply for ongoing compliance.
Integrations with employee-specific channels make it easier to locate the employee data and apply automated redaction to protect sensitive information.
Leverage DataGuidance, the world’s largest regulatory research database, for templates, automation rules, and classification algorithms.
The CPRA requires companies to fully understand their data, what is being processed, and the purpose for processing. OneTrust privacy management and data governance tools scan structured and unstructured data sources to inventory categories, like personal information vs. sensitive personal information, across cloud and on-premises systems. It also extracts metadata to help with retention policies. OneTrust helps identify and manage the third parties involved in processing personal data, giving you a full view of relevant personal information used by your organization.
Employee rights requests create unique challenges including new methods of ID verification, larger data volumes, and greater amounts of unstructured data associated with the requestor. OneTrust Privacy Rights Automation helps by automating the consumer and employee request lifecycle from intake through fulfillment. The request process is embedded into existing channels like your website or employee portal to streamline identity verification, automate the discovery of associated data, and redact sensitive information that should not be shared with the requestor.
The CPRA extends the “Do Not Sell” requirement, mandating that organizations provide an opt-out mechanism of “Do Not Share My Personal Information” on their website. Consent and Preferences supports this requirement with pre-configured templates and settings across web, mobile, and CMP channels. Organizations can easily geo-target a banner or link to those browsing from California, ensure the proper opt-outs are communicated to third parties through IAB’s CCPA framework, and integrate Privacy Rights Automation to extend opt-out beyond targeting advertising to other types of data sharing.
Like GDPR, CPRA requires businesses undertaking high-risk processing to perform annual audits and a thorough, independent cybersecurity audit. OneTrust can help you establish a process to ensure proper data protection, audit completion, and risk assessments for high-risk data processors. Get access to data and context needed to manage assessments, consolidate findings, and review recommendations over time to demonstrate continuous improvement initiatives.
By establishing the California Privacy Protection Agency as a dedicated enforcement agency, the CPRA placed greater emphasis on whether organizations are up to date on changes to the regulation and taking the appropriate steps to remain compliant. OneTrust DataGuidance provides the latest news, opinions, and FAQs related to CPRA and more. Powered by a contributor network of over 500 lawyers and 40 in-house legal researchers, you can get real-time access, in-platform or out-of-platform, to the latest regulatory requirements.
Request a demo to see our privacy management and data governance tools in action.
