Meet CPRA Compliance with Concentric AI

July 5, 2023
Cyrus Tehrani
4 min read

The California Privacy Rights Act (CPRA) is a recent piece of privacy legislation, passed in California in 2020. The CPRA expands upon the existing California Consumer Privacy Act (CCPA) and introduces new privacy rights for consumers, establishes a new enforcement agency, and aligns more closely with the European Union’s General Data Protection Regulation (GDPR).

Like GDPR, the CPRA gives consumers the right to know several details about their personal information:

  • When a business collects personal information about them
  • The purpose of collection
  • With whom the data is shared or sold

The act also allows consumers to opt-out of the sale or sharing of their personal data and the right to request deletion of their data.

The CPRA goes a step further than the CCPA by introducing the concept of “sensitive personal information”, similar to the GDPR. Consumers have the right to limit the use and disclosure of this sensitive information. This includes data such as social security numbers, precise geolocation, racial or ethnic origin, religious beliefs, biometric data, health data, and more.

The CPRA also establishes a new enforcement body, the California Privacy Protection Agency, which is similar to the Data Protection Authorities under the GDPR. This agency is responsible for enforcing the CPRA, providing guidance to businesses, and educating consumers about their privacy rights.

Businesses operating in California and the EU must ensure they comply with these regulations to avoid hefty fines and reputational damage.

How Concentric helps you with CPRA compliance

With Concentric AI, organizations can effectively navigate the complexities of CPRA privacy rights and maintain compliance.

Here are the five most important steps you need to focus on for CPRA compliance:

Discover: Identify all personal and sensitive data stored and know where it resides.

Map: Determine how your personal and sensitive data is being shared with third parties and identify if that third party is exempt from CPRA opt-out requirements.

Manage: Govern how the data is used and accessed (data governance).

Protect: Deploy robust security controls to prevent, detect, and respond to vulnerabilities and data breaches.

Document: Document your data breach response program and ensure any contracts with relevant third parties can take advantage of opt-out exceptions.

To help with these steps, Concentric AI excels at three key processes to ensure you are compliant with CPRA:

  • Discover and identify data
  • Monitor and classify data for risk
  • Remediate data risk issues

Discover and Identify Data

Data discovery and identification is crucial for achieving CPRA compliance. Concentric AI’s solution uses sophisticated machine learning technologies to autonomously scan and categorize data — from financial data to PII/PHI/PCI to intellectual property to business confidential information – wherever it is stored. In the cloud, on-premises, structured or unstructured, Concentric will find your data. Our solution helps you understand what personal information your company holds, determines the legal ramifications for processing personal information, assesses the risk associated with processing personal information, and allows you to respond to data subject requests.

Monitoring and Classifying Data for Risk

With Concentric AI, you can autonomously discover how CPRA-relevant data is being used, who it is being shared with, and who accessed it — to quickly and accurately pinpoint risk due to inappropriate permissioning, risky sharing, and unauthorized access. Data classification is an important step in achieving CPRA compliance because it enables companies to identify, categorize, and organize their data according to its level of sensitivity and importance.

Remediate Data Risk Issues

Concentric AI’s Risk Distance™ analysis leverages deep learning to compare each data element with baseline security practices used by similar data to identify risk without rules and policies. More importantly, our solution can remediate these access risks as they happen – whether it’s fixing access control issues or permissions, disabling sensitive file sharing with a third party, or blocking an attachment on a messaging service.

Concentric Semantic Intelligence helps you discover and protect your most sensitive and confidential information without any rules, upfront work or security team overhead. Utilizing Deep Learning, Concentric Semantic Intelligence™ autonomously delivers a content-based, categorized view of your data and a risk rating for all data that have been exposed. This allows your data security, privacy, and compliance teams to easily find and correct inappropriate sharing, unauthorized access or wrong entitlements of sensitive data to efficiently prevent data loss.

More than just compliance

Our customers are successfully using our product in production for petabytes of data for:

Book a demo today to see firsthand — with your own data — how Concentric’s solution can quickly and easily be deployed to keep up with CPRA rules in your organization.


Libero nibh at ultrices torquent litora dictum porta info [email protected]

Getting started is easy

Start connecting your payment with Switch App.