
California Privacy Rights Act Goes into Effect
The California Privacy Rights Act, which establishes the California Privacy Protection Agency, goes into effect.
When California Secretary of State Alex Padilla certified the results of the November General Election on 11 December, the California Privacy Rights Act (CPRA) went into effect. The majority of the CPRA’s provisions will not be fully operative until 1 January, 2023 and will not be fully enforceable until July 2023. However, some provisions are now fully operative, such as the establishment of the California Privacy Protection Agency.
The California Privacy Rights Act (CPRA) is not the first of its kind, following in the footsteps of the California Consumer Privacy Act of 2018 (CCPA), which grants California residents some of the same personal privacy rights found in the EU’s General Data Privacy Regulation (GDPR), such as the right to access, transfer, delete and object to the sale of their personal information. The CPRA not only updates the CCPA of 2018, but issues new regulations and specifications, such as:
- The specifics of opt-out mechanisms from “selling” and “sharing” data.
- How often and under what circumstances consumers may request the correction of their personal information.
- The standards for annual cybersecurity audits and risk assessments.
The first fully operative provision in the CPRA is the establishment of the California Privacy Protection Agency (CPPA), a five-member board, the members of which are each chosen by the California Governor, Attorney General, Senate Rules Committee, and Speaker of the Assembly. The appointments will consist of California residents with expertise in privacy, technology, and consumer rights, serving no longer than eight consecutive years.
This first-of-its-kind agency will act as a rulemaking and enforcement body regarding consumer privacy, issuing administrative proceedings and fines between $2,500 and $7,500 per privacy violations. The agency will also have the power to conduct audits that ensure compliance with the CPRA and coordinate with other privacy enforcement agencies in the state, as well as in other states, territories, and countries. While the CPPA will likely be an authoritative body, it must coordinate with the California Attorney General who retains the power to enforce the CPRA through civil penalties.
How This Impacts Mobility
Such data protection measures will apply to Relocation Management Companies (RMCs) and corporate entities that handle sensitive personal data of Californians. Companies transferring employees will be impacted, especially those involved in the relocation of a California resident. Should any member have questions regarding these developments, please reach out to Vice President of Member Engagement and Public Policy Rebecca Peters, rpeters@worldwideerc.org.
You might also enjoy reading:



Real Data. Targeted Program Benchmarking
Benchmark your entire program with real data, filtered to your needs, using our first-of-its-kind, cloud based, interactive benchmarking platform.
Transformation of the Global Workforce: Remote Work
Worldwide ERC® has launched a new research series that shares insights on where work is going from professionals involved in each aspect of relocation and workforce mobility from around the world. This first report of the series focuses on remote work.
Get in Touch with Mobility Experts on the Front Lines
Finding the mobility professionals you need all over the world just got easier with our new, user-friendly Directory

In The Current Issue of Mobility Magazine
- Employee Experience from the Corporate Side
- The Why and How of Increasing Minority Participation in Expat Assignments
- The ABCs of DE&I
- How to Make Employees Feel Included, Safe, and Empowered
Mobility is Worldwide ERC®’s monthly magazine, delivering industry and business news and updates, as well as insights on global talent mobility programs, tips and trends.