Carlton Fields cybersecurity attorneys Christina Gagnier and Joe Swanson were interviewed in a CISO Mag article on their top tips for companies preparing for the recently passed California Privacy Rights Act (CPRA).
The two attorneys advise that the CPRA should be seen as the “CCPA+” and businesses should turn their attention immediately to the additions that are being put in place to secure compliance and avoid any penalties.
Gagnier gives insight into the new obligations, such as an expansion of private right of action, a reduction in the cure period for companies, and two other rights: the right to correct and a right regarding data minimization.
Additionally, Swanson suggests that all businesses adopt a data breach response plan outlining how incidents are reported internally, and then triaged and escalated to internal team members and external providers, if they haven’t done so already.