The California Privacy Rights Act (CPRA) comes into effect on January 1, 2023. Among its new requirements is a new data retention provision. Personal and sensitive information must be disposed of when its purpose has been fulfilled, and the organization must disclose the retention policy at the time of collection. And the data retention policies apply to data collected on or after January 1, 2022. Under CPRA, companies can no longer simply hold on to individuals’ personal data forever, they must have robust data retention and disposal practices.
Every organization has data retention policies, but very few actually operationalize them. CPRA shines a light on these practices, and holds organizations accountable for them. The regulation also establishes a new enforcement agency, which indicates increasingly vigorous enforcement as CPRA goes into effect. Data breach risks are also heightened, as litigators can easily show negligence when data has been kept beyond its retention period.
Download this brief to learn:
- What Section 1798.100 means for your organization
- Why updating your Data Retention program with Exterro will bring your organization in compliance with CPRA and reduce costs and data risks
- How Exterro can help you to make significant steps toward progress and compliance in just 60 days