Farewell 2022. We’re shaking things up and bringing you GrailMail two weeks in a row! Welcome to this Special Edition GrailMail: CPRA Supercharge. DataGrail launched a CPRA Hub to help you wrap your mind around all things California Privacy — from vendor management to HR requirements, and even something special for CISOs. We just couldn’t wait until the new year to share.
Before you set your OOO messages or sing Auld Lang Syne, we hope that you’ll take stock of the awesome accomplishments of the data privacy community worldwide, but also enter 2023 with privacy peace of mind.
CPRA COUNTDOWN
⏰ T-minus 2 Weeks
CPRA is almost here. So first things first: does this law even apply to your business? CPRA applies to you if you have:
✅ More than $25M in annual gross revenue
✅ More than 100K consumers, households, or devices in your database
✅ At least half of yearly income from selling or exchanging personal customer information
CPRA TRIVIA
One of the biggest changes CPRA will bring is the birth of a European-style data protection authority to create rules, issue guidelines, and enforce the law.
What is this authority called?
A. Consumer Privacy Commission (CPC)
B. California Privacy Protection Agency (CPPA)
C. Consumer Data Privacy Agency (CDPA)
D. California Data Privacy Office (CDPO)
Single Source of Truth
Looking to get up to speed on the new CA privacy law? We made this just for you. Take a look at our CPRA hub – a one-stop shop to make sure you're ready for Jan. 1.
Under CCPA, there was a 12-month limit on how much information a California business needed to provide in a Right to Know response. Those days are behind us now. CPRA renames this as the Right to Access and lifts the 12-month cap. In other words, Californians can ask for as much historic information as possible with limited exceptions under the new law.
From here on out, businesses will need to be able to provide all information from Jan. 1, 2022, onward.
What it means for you:
Data minimization practices will be your new best friend.
This provision incentivizes needs-based, intentional data practices.
Tightened collection and retention can help reduce the scope and scale of completing access responses.
DID YOU KNOW?
As of January 1, 2023, California employees, contractors, and business contacts will be able to exercise their privacy rights like any other CA consumer.
CISO'S GUIDE TO CPRA
Preparing for the Country's Strictest Privacy Regulation
As complicated as California's current privacy law is, the introduction of CPRA adds further complexities. As the newly created California Privacy Protection Agency continues to work through delayed rules and guidelines, many security executives are left wondering about next steps.