The Art of CTO CCPA/CPRA Compliance tool evaluates organizational readiness for California privacy law requirements including consumer data rights, opt-out mechanisms, and data handling practices.
Frequently Asked Questions
What is the difference between CCPA and CPRA?
CPRA (California Privacy Rights Act) amended and expanded the original CCPA, taking full effect in 2023. Key additions include a new category of "sensitive personal information" with opt-out rights, expanded consumer rights (correction, limited use of sensitive data), stricter requirements for data sharing (not just selling), and the creation of the California Privacy Protection Agency for enforcement. Companies compliant with CCPA need to update their practices to meet the additional CPRA requirements.
Does CCPA/CPRA apply to my business?
CCPA/CPRA applies to for-profit businesses that collect California residents' personal information AND meet any one of three thresholds: annual gross revenue over $25 million, buying/selling/sharing personal information of 100,000+ consumers or households, or deriving 50% or more of annual revenue from selling or sharing personal information. Service providers and contractors also face obligations through their contracts with covered businesses.