The California Privacy Rights Act (CPRA) comes into effect on January 1, 2023. Among its new requirements is a new data retention provision. Personal and sensitive information must be disposed of when its purpose has been fulfilled, and the organization must disclose the retention policy at the time of collection. And the data retention policies apply to data collected on or after January 1, 2022. Under CPRA, companies can no longer simply hold on to individuals’ personal data forever, they must have robust data retention and disposal practices.

Every organization has data retention policies, but very few actually operationalize them. CPRA shines a light on these practices, and holds organizations accountable for them. The regulation also establishes a new enforcement agency, which indicates increasingly vigorous enforcement as CPRA goes into effect. Data breach risks are also heightened, as litigators can easily show negligence when data has been kept beyond its retention period.


Thursday, 23 September, 07:00 PM - 07:45 PM (BST)

View the agenda


Rebecca Perry, Director of Strategic Partnerships - Exterro


Chris Costello, Senior E-Discovery Attorney - Winston and Strawn LLC

Eric Shinabarger, Associate Attorney - Winston and Strawn LLC

PrivSec Global