With less than a year before the California Privacy Rights Act (CPRA) becomes effective in 2023, it is critical for organizations to carefully assess and update their privacy compliance program to minimize risks. The CPRA is the most restrictive U.S. data protection law, with severe restrictions on consumer profiles, its own enforcement agency and substantial penalties. Even organizations that have implemented a CCPA compliance program will need to consider how to enhance that program to meet CPRA requirements. We distill insights offered the Privacy + Security Forum Spring Academy by speakers from Dentons, Exterro and Managed Privacy Canada on the CPRA and other state privacy law developments, and the enforcement landscape. See “What to Expect From the CPRA – California’s New Proposed Privacy Law” (Sep. 30, 2020).