California Privacy Rights Act (CPRA)

Regulation: California Privacy Rights Act
Abbreviation: CPRA
Governs these parties: all organizations processing information on California residents or doing business in California
Enforced by: the office of the Attorney General (OAG) or the California Privacy Protection Agency

CPRA is designed to regulate how businesses collect and use data about consumers in California.

Individuals can limit the use and disclosure of sensitive personal information (SPI) to the minimum necessary for standard goods and service delivery and can request insight into the logic involved in automated processing and the expected outcomes. 

The rest of this document is designed to help our community understand CPRA better by outlining the following information:

• How it relates to cybersecurity
• How Coro handles compliance for you

How it relates to cybersecurity

The CPRA requires that governed entities: 

• provide reasonable cybersecurity safeguards for personal information
• conduct annual cybersecurity audits 
• address supply chain security and privacy risks 

How Coro handles compliance for you

At Coro, we’ve done the research thoroughly and regularly track updates to the regulation in order to ensure that you are implementing best practices in the areas we cover when we’re protecting your systems.

The following table outlines the requirements described by CPRA that Coro implements in conjunction with Microsoft 365 or Google Workspace.

Disclaimer: this table does not guarantee that your organization is compliant with these regulations. As a best practice, seek assistance from a certified auditor when completing your analysis.