What It Is

The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), is a state regulation establishing consumer privacy rights for California residents. It applies to for-profit businesses meeting thresholds like $25M revenue or handling data of 100K+ consumers. Primary purpose: empower consumers with control over personal information (PI) via rights-based approach, including broad PI definitions encompassing identifiers, inferences, and sensitive PI.

Key Components

• Core rights: know/access, delete, opt-out sales/sharing, correct, limit sensitive PI use
• Obligations: notices at collection, privacy policies, DSAR handling (45-90 days), vendor contracts, GPC honoring
• Enforcement: CPPA/AG fines ($2,500-$7,500/violation), private breach actions
• No certification; compliance via audits, documentation

Why Organizations Use It

Mandatory for qualifying businesses to avoid fines, litigation. Drives data governance, trust, efficiency gains, market differentiation. Mitigates breach risks, aligns with GDPR-like regimes.

Implementation Overview

Phased: scoping/gap analysis (0-3 months), policies/contracts (1-4 months), technical controls (2-6 months), operationalization/training, audits. Targets tech/retail/finance; global firms with CA data. Cross-functional, tech-heavy (automation, mapping).

What It Is

PRINCE2 (Projects IN Controlled Environments), 7th Edition, is a process-based project management framework developed by AXELOS/PeopleCert. It provides structured governance for projects of all sizes, emphasizing controlled delivery through principles, practices, and processes.

Key Components

• **Seven PrinciplesGuiding obligations like continued business justification, manage by exception, and tailoring.
• **Seven PracticesBusiness case, organization, plans, quality, risk, issues, progress—applied continuously.
• **Seven ProcessesStarting up, directing, initiating, controlling stages, managing delivery/boundaries, closing.
• Certification via Foundation and Practitioner levels.

Why Organizations Use It

• Ensures governance, risk control, and value delivery.
• Supports auditability in regulated sectors like public and healthcare.
• Reduces overruns via tolerances and stages.
• Builds stakeholder trust through defined roles and tailoring for agility.

Implementation Overview

• Phased: gap analysis, tailoring, training, pilots, rollout.
• Involves templates, certification, change management.
• Applies to all sizes/industries; voluntary with scalable audits.