California Privacy Rights Act in Effect on January 1st


The deadline to meet the California Privacy Rights Act regulations is almost here!

Wait, didn’t that already happen?

You’re thinking of the California Consumer Privacy Act, which was indeed signed into law back in 2018. That piece of legislation requires businesses that operate in California to be more transparent with what data they’re collecting, who can see it and where they’re selling it. They also have to give consumers the choice to opt out. If you’ve seen those pop-ups anywhere from retail to news websites, asking if they can track your Cookies, then you’ve already seen the effects of the CCPA!

Closely related to that law, the CPRA expands data protection even further. It also makes amendments to bring the 2018 legislation up to date. Although Proposition 24 (as it was known on the ballot) passed in 2020, there was a multi-year grace period to actually bring systems up to the new compliance standard.

So, how will the CPRA compliance deadline affect you?

What’s New in the CPRA?

The deadline for compliance is January 1st, 2023 but certain aspects of the law are already in effect. For example, the establishment of a California Privacy Protection Agency created more structure and better enforcement of these policies and the ones in the CCPA. The department is already operational.

Meanwhile, the CCPA (2018) established six consumer rights, but the California Privacy Rights Act tacks on two more.

  1. the right to correct inaccurate information
  2. the right to limit use and disclosure of your PII

These subtle additions cover possible loopholes and provide consumers (including the person reading this!) better control over their personal data.

Why Does Extra Data Privacy Matter?

Quick backstory on what includes your “personal information” that’s protected under the law. PII, or personally identifiable information, is the data pointing back to you as an individual. Think your full name, home address, bank account numbers and Social Security as prime examples. Starting in January, California consumers will have more control over their PII and its collection.

The CCPA already affected businesses, service providers and third parties operating in California, but the CPRA additionally includes contractors. Just like how the CPRA is giving you more total control over the dissemination of your data, but it is also expanding the duties of care that others have when you share your PII.

This isn’t just happening in California, by the way. The CCPA seems to have spurred a rash of similar legislation across the rest of the country.

  • Virginia Consumer Data Protection Act is also going into effect on January 1st
  • The Colorado Privacy Act takes effect July 1st, and so does 
  • Connecticut Data Protection Act (also known as the CTDPA) 
  • Utah Consumer Privacy Act takes effect December 31st  

This is to say nothing to the federal laws and international ones affecting data privacy! Evidently, this is a hot topic that people feel strongly about and thus we are probably going to see a lot more action being taken to further data protections even more.


Did you know that 92% of Americans are concerned about the privacy of their data online? If you’re in California or one of the states listed above, hopefully these new compliance laws put your mind more at ease. Meanwhile if you operate a business in any of these states, you should learn about what it means for how you handle customer PII going forward!

How well-protected is your private information when you’re browsing the web? Considering how the average person spends almost seven hours online every day, it’s pretty important to understand who might see your activity and what they do with it. These laws are just the beginning of a our attempt to take back some online security that may have been overlooked in a rush toward innovation and more powerful tech.

Check back in with this blog to stay up to date with the latest news and handy tips about information security!


Related Posts