CompliQuest

Course Overview

California's updated privacy law expands consumer rights, tightens business obligations, and creates a dedicated enforcement agency with real teeth. And if your business handles California residents' data, compliance isn't optional; it's urgent

The challenge? CPRA changes aren't just technical updates. They require rethinking how you collect, store, share, and delete personal information, especially sensitive data.

This course breaks down exactly what changed, what you must do differently, and how to get compliant without overhauling your entire privacy program.

What you'll learn:

Understanding the expanded scope:

• What qualifies as "sensitive personal information" (race, genetics, biometrics, precise location, and why it matters)
• New lower thresholds that might bring your business under CPRA for the first time

New consumer rights you must support:

• The right to correct inaccurate data (and how to build a correction process)
• The right to limit use of sensitive information (what "limit" actually means)
• Enhanced opt-out mechanisms and what "Do Not Sell or Share" really requires

Stricter operational requirements:

• Data retention rules: How to justify what you keep and conduct risk assessments
• Updated privacy notice requirements (with examples of compliant language)
• Data-sharing disclosure obligations when working with contractors and vendors

Practical tools included:

• Privacy notice templates
• Data retention justification framework
• Risk assessment checklist
• Consumer request response workflows
• Contractor/vendor agreement language

By the end, you'll have:

• A clear gap analysis: where your current CCPA compliance falls short
• Documentation templates you can customize immediately
• Confidence to brief leadership on what needs to change

This course ensures you're not caught off guard when the California Privacy Protection Agency comes knocking.

Modules

1. Introduction to CPRA Gain an essential overview of the California Privacy Rights Act, its scope, and how it differs from past regulations. Understand the expanded rights of California consumers and how these obligations apply to your business. Explore core rights granted to consumers such as access, correction, deletion, opt-out, and limit use, and learn how to implement clear, accessible processes for honoring those rights.

2. Consumer Notice Requirements under the CPRA This presentation covers the consumer notice requirements under the California Privacy Rights Act (CPRA). It explains how businesses must inform individuals about data collection through tools like privacy policies, website banners, and in-app notices, and outlines the required contents of each.

3. Cybersecurity Requirements Learn how CPRA connects to security obligations and what proactive measures must be in place to prevent, detect, and respond to breaches. Understand what counts as a reportable incident and what to do if one occurs.

4. Incident Response & Reporting This module explains when and how to notify consumers and regulators of a breach. Learn the timing, method, and required content of notification letters under California law.

5. Risk Assessments Under CPRA Understand when privacy risk assessments are required and how to conduct them. You'll be guided through a structured methodology for evaluating the impact of high-risk data processing activities.

6. Data Sharing and Contractual Safeguards Discover data sharing and contractual safeguards under the California Privacy Rights Act (CPRA). It outlines the legal obligations for businesses, service providers, contractors, and third parties, emphasizing the importance of CPRA-compliant contract clauses and proper data handling agreements.

7. Automated Decision-Making & Profiling Learn how CPRA regulates the use of algorithms, AI systems, and other automated tools. Understand consumer rights in this area and the transparency obligations that come with using these technologies.