Insights
Thought Leadership
March 16, 2023
Not a California Company? You May Still Be Subject to the CPRA
The California Privacy Rights Act (CPRA) became effective January 1 and amends the 2018 California Consumer Protection Act (CCPA). The CPRA gives California consumers and employees more control over their personal data. It creates several obligations for California-based corporations and certain companies that conduct business in the state or that collect, use or share the data of California residents.
While the CPRA went into effect on January 1, enforcement by the California Privacy Protection Agency (CPPA) will likely begin in July. Therefore, it is crucial to determine now whether your business is subject to the provisions of the CPRA. Even entities that are not based in California or do not have facilities or offices in California can have obligations under the CPRA.
In order for a business to be subject to the CPRA, it must be a for-profit entity doing business in California and must
Would you like to receive ourĀ Day Pitney C.H.A.T. Newsletter? Sign up here.
- earn gross revenue in excess of $25 million in the preceding calendar year;
- buy, sell or share the information of at least 100,000 consumers or households in California; or
- earn 50 percent or more of its annual revenue from selling or sharing California consumers' personal information.
Would you like to receive ourĀ Day Pitney C.H.A.T. Newsletter? Sign up here.