The Californian legislative branch has recently finalised and passed the California Privacy Rights and Enforcement Act of 2020 (CPREA), a landmark data privacy law which introduces some GDPR concepts to the US.

The CPREA is designed to enhance and strengthen existing privacy and consumer protection laws in California and in particular requires that businesses should be held accountable for data security breaches and should be obligated to inform individuals when sensitive information has been compromised.

The new laws will take effect in January 2020.