California Labor &
Employment Law Blog
CPRA Countdown: Ensuring Your Organization’s Privacy Compliance in the New Year
Jan 12, 2024

CPRA Countdown: Ensuring Your Organization’s Privacy Compliance in the New Year

Topics: Privacy

By: Dalia Z. Khatib

With the new year underway, and enforcement looming, it is more important than ever to ensure your organization is compliant with the California Privacy Rights Act (CPRA)—the amendment to the California Consumer Privacy Act (CCPA). 

To help get you there, we have a few reminders and tips:

Covered Employers

While not every employer is required to comply, the CPRA requires compliance for many employers. As a reminder, a covered employer is an organization that:

  • Maintains annual gross revenues in excess of $25 million in the preceding calendar year;
  • Buys, sells, or shares personal information of 100,000 or more California consumers or households; or 
  • Derives 50 percent or more of its annual revenue from selling or sharing California consumers’ personal information.

Any employer with California employees should consult with counsel to evaluate the above criteria to determine whether their organization qualifies as a “covered employer”. 

Enforcement of New Regulations

Last year, the California Chamber of Commerce successfully delayed enforcement of the new CPRA regulations that were issued on March 29, 2023. Nonetheless, the California Privacy Protection Agency (Agency) is allowed to commence enforcement starting March 29, 2024. Some regulations may already be enforceable. 

Compliance Tips

A few action items toward compliance with the CPRA:

  • Be Prepared: Get your team ready to respond to requests from employees about their personal information by conducting training and developing processes.
  • Give Notice: Give Notice to all Applicants/Employees before or at the time you collect their personal information. The Notice’s goal is to inform employees and applicants of what information is collected, how it is used, and the rights that they have.
  • Update Your Handbook: While you may already be updating your handbook to account for 2024’s new California labor laws, make sure that you have a compliant privacy policy in place that belongs in your employee handbook. 
  • Map Out Data: Full compliance requires employers to track where personal information data “lives”. It is important for employers to have their processes in place for data mapping.

As always, our Privacy Practice Group will continue to monitor developments related to the CCPA, the CPRA and the Agency’s enforcement actions. Please contact a member of CDF's Privacy Practice Group (Dan Forman, Dalia Khatib, or Linda Wang) to discuss compliance with any investigation by the Agency or with questions about the CCPA & CPRA. Our Privacy Practice Group is available to assist with policies, notices and general compliance for employers. 

About CDF

For more than 30 years, CDF has distinguished itself as one of the top employment, labor and immigration firms in California, representing employers in single-plaintiff and class action lawsuits and advising employers on related legal compliance and risk avoidance. We cover the state, with five locations from Sacramento to San Diego.

> visit primary site

About the Editor in Chief

San Diego Associate Attorney. Taylor has experience defending employers of all sizes in employment-related claims regarding wrongful termination, discrimination, harassment, retaliation, and employment-related tort and contract claims. Taylor also has experience defending management in wage and hour class actions and PAGA representative actions. Taylor is a member of the Lawyers Club of San Diego and received her Juris Doctor from the University of San Diego School of Law, where she was a member of the Student Bar Association, Employment and Labor Law Society, Business Law Society, and Women’s Law Caucus.
> Full Bio   > Email   Call 858.646.0077

CDF Labor Law LLP © 2025

Editorial Board About CDF What We Do Contact Us Attorney Advertising Disclaimer Privacy Policy Cookie Policy