• Platform
    • The Osano Platform Overview

      Get an overview of the simple, all-in-one data privacy platform

    • header__icon-1
      Cookie Consent

      Manage consent for data privacy laws in 50+ countries

    • user-square
      Subject Rights Management

      Streamline and automate the DSAR workflow

    • assessments primary 200
      Assessments

      Efficiently manage assessment workflows using custom or pre-built templates

    • Unified Consent primary 200
      Unified Consent & Preference Hub

      Streamline consent, utilize non-cookie data, and enhance customer trust

    • data mapping primary 200
      Data Mapping

      Automate and visualize data store discovery and classification

    • shield-tick
      Vendor Privacy Risk Management

      Ensure your customers’ data is in good hands

    • Features & Integrations

      Key Features & Integrations

    • Privacy Templates
    • GDPR Representative
    • Consult Privacy Team
    • Regulatory Guidance
    • Integrations
  • Solutions
    • By Regulation
    • CPRA

      Discover how Osano supports CPRA compliance

    • CCPA

      Learn about the CCPA and how Osano can help

    • GDPR

      Achieve compliance with one of the world’s most comprehensive data privacy laws

    • By Organization Type
    • Icon (10)
      Start-Up

      Don’t let data privacy compliance get in the way of growth

    • Icon (11)
      Mid-Sized

      Preserve your competitive edge

    • Icon (12)
      Enterprise

      Manage data privacy at scale

    • By Use Case
    • Path
      Consent Management

      Manage consent without the complexity

    • Icon (14)
      DSAR Automation

      Never miss a DSAR deadline again

    • Icon (16)
      Privacy Program Management

      Build and grow an end-to-end privacy program

    • Icon (15)
      Vendor Risk Management

      Regain insight and control over your customers’ data

  • Resources
    • Resources

      Key resources on all things data privacy

    • book-open-01
      Articles

      Expert insights on all things privacy

    • Icon (25)
      Resource Center

      Key resources to further your data privacy education

    • hand a heart icon primary 200
      Customer Stories

      Meet some of the 5,000+ leaders using Osano to transform their privacy programs

    • globe icon primary 200
      U.S. Data Privacy Laws

      A guide to data privacy in the U.S.

    • code icon primary 200
      Product Updates

      What's the latest from Osano?

    • Become a Privacy Insider

      Data privacy is complex but you're not alone

    • envelope icon primary 200
      The Newsletter

      Join our weekly newsletter with over 35,000 subscribers

    • Icon (17)
      The Podcast

      Global experts share insights and compelling personal stories about the critical importance of data privacy

    • book-open-01
      The Book

      Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program

    • Icon (30)
      Events

      Upcoming webinars and in-person events designed for privacy professionals

    Latest Blog post

    Hand holding compass

    5 Privacy Trends for 2025: What to Watch For

    Heraclitus said that “The only constant in life is change,” but...

    Read Now
  • Company
    • Vector
      About Us

      The Osano story

    • Icon (25)
      Careers

      Become an Osanian and help us build the future of privacy!

    • Icon (26)
      Contact

      We’re eager to hear from you

    • 
      Our Pledge

      No fines, no penalties

    • Icon (27)
      Data Licensing

      Add Osano data privacy ratings and recommendations to your application

    • Icon (28)
      Osano Swag Store

      Increase Trust. Stay Compliant. Get Cool Swag.

    • Icon (29)
      Press & Media

      Inquiries and Osano in the news

    • Icon (30)
      Partners & Resellers

      Interested in partnering with us?

  • Pricing
  • Sign In Book a Demo
CPRA Compliance Software

The Simple CPRA Solution You've Been Looking For

Complying with the California Privacy Rights Act (CPRA) can be a major challenge. Let Osano be your CPRA compliance solution with capabilities for managing opt-out requests, processing universal preference signals like the Global Privacy Control, automation for consumer and employee subject rights requests, and more.

Switchback - Localization w person - 2
JOIN 1000+ Companies using Osano
THE BASICS

What Is the CPRA?

Not enough time to slog through pages of legalese? Check out our primer to the CPRA below.

CCPA vs. CPRA 

The California Consumer Protection Act (CCPA) was essentially the first iteration of the CPRA. The CCPA was enacted into law in 2018 and became effective in 2020, but privacy advocates immediately felt it wasn't strong enough.

 

This led to the creation of the CPRA, which went into effect January 1, 2023, and strengthened the CCPA. Nowadays, people often use the terms CCPA and CPRA interchangeably. Here are some of the new changes introduced by the CPRA.

 

  • Creation of the California Privacy Protection Agency (CPPA).
  • Expanded consumers’ right to opt out of the sale of data to opt out of its sharing for targeted advertising.
  • Created a second category of sensitive data (e.g., social security numbers, sexual identity, health data, and the like).
  • Required businesses to minimize data collection.
  • Required privacy assessments.
  • And more.
cpra-compliance-image-slidebox-1

Am I Subject to the CPRA?

If you do business in California, the odds are you’re subject to the CPRA. Specifically, the CPRA applies if you do business in California, collect the personal data of Californians or have it collected for you, and fit one or more of these criteria:

 

  • Buy, sell, or share the personal information of 100k people or households.
  • Create 50% or more of your revenue through the sale or sharing of personal information.
  • Had $25 million in gross revenue in the preceding calendar year.
cpra compliance - slidebox - image - am i subject

CPRA Requirements

The CPRA may very well be one of the strictest laws in the U.S. when it comes to data privacy. Here are just a few of its requirements.

 

  • Honor do-not-sell/-share requests and other subject rights requests and provide a mechanism for those requests.
  • Limit the use of sensitive personal information to only what is necessary for the primary function of the customer’s transaction.
  • Collect and retain only data that is reasonably necessary and proportionate to the intended purpose.
  • Conduct risk assessments before beginning high-risk collection or use of personal data.
  • Establish contractual obligations with third parties, contractors, and service providers before sharing, selling, or disclosing personal data.
  • And many more.

 

cpra compliance - slidebox - requirements

CPRA Enforcement

Unlike other U.S. privacy laws, two different authorities can enforce the CPRA: the California Attorney General and the California Privacy Protection Agency (CPPA). When the CPRA was enacted into law, it also created the CPPA, whose sole job is to enforce the CPRA. If you’re found to violate the law, either authority could penalize you. Additionally, individual citizens can sue under the CPRA if their personal account access information is exposed in a data breach.

 

  • $2.5k per each violation
  • $7.5k per each intentional violation
  • $7.5k per violations involving a minor
ccpa compliance - slidebox - ccpa enforcement
CPRA COOKIE CONSENT

Honor Opt-out Requests

When California citizens visit your website, you need to provide the appropriate disclosures and data collection consent options. Osano detects the geolocation of California visitors and automatically displays the relevant banner to them. If visitors opt out, Osano blocks the relevant data trackers on your website, keeping you in compliance.

  • Choose between opt-in and opt-out compliance mode (both compliant under the CPRA).
  • Permit visitors to opt out via your banner, universal preference signals, or a do-not-sell/-share link.
  • Control users’ personal data flows to third parties and targeted advertising based on their consent.
Consent - map - image
CPRA DATA SUBJECT RIGHTS

Manage Consumer and Employee DSARs Alike

When a data subject makes a request under the CPRA, you have to meet that request within 45 days. Responding to DSARs takes time away from more strategic initiatives, and 45 days can go by pretty quick if you experience a high volume of requests. Osano streamlines the subject rights request process, automates common request types, and enables a faster, more accurate workflow.

  • Process access, correction, deletion, opt-out requests, and more.
  • Automatically fulfill summary and deletion requests with human verification for accuracy.
  • Discover personal information across disparate data stores from our 100+ pre-built integrations
     
DSAR - workflow
CPRA DATA MAPPING

Data Mapping Purpose-built for Privacy Compliance

If you’ve ever had to depend on manual spreadsheets or the limited capacity of your organization’s data analysts, you know that mapping your organization’s personal data stores is a time-consuming, reactive task.  

Osano Data Mapping provides a privacy-focused data mapping solution that dramatically accelerates the mapping process and reduces errors through automation. 

Data Mapping - with backdrop
CPRA VENDOR MANAGEMENT

Ensure Your Customers’ Data Is in Good Hands

If you do business in California, then the CPRA requires you to establish the right contractual provisions with your third parties, service providers, and contractors. Osano Vendor Risk Management can help you identify vendors who can live up to those contractual standards and give your customers’ data the protection it deserves. 

  • Assess vendors at a glance with Osano’s Vendor Score, calculated via a 163-item proprietary ontology based on NIST and ISO standards.
  • Receive alerts for vendor lawsuits and privacy policy changes.
  • Discover sub-processors and fourth parties that may handle your customers’ data.
  • Use template vendor assessments to take a deep dive into your vendors’ existing processes and document your compliance efforts.
Vendor - score
Expert insights

Key Resources on All Things Privacy

Discover actionable tips straight from our team of legal and privacy experts through our blogs, webinars, eBooks, guides, and more.

The ROI of Privacy Management - listing

The ROI of Privacy Management

Learn why organizations that invest in data privacy gain a return of up to $2.70 for every dollar spent.

Download Now
Customer story - Lattice

Building Compliance into Marketing Operations Puts Privacy First

Lattice uses Osano to eliminate operational complexity, align marketing and compliance teams, and fulfill its promise of being a privacy-first organization.

Read Now
US Data Privacy Checklist hero

2024 U.S. Data Privacy Checklist

Download our checklist to learn what your first steps should be, regardless of which law applies to your organization.

Download Now

The CPRA Is Complex. Compliance Doesn’t Have to Be.

Simplify CPRA compliance with Osano. Let us show you exactly how easy meeting your CPRA obligations can be.