Data Privacy: California Privacy Rights Act (CPRA), Health Information Portability & Accountability Act (HIPAA), and General Data Protection Regulation (GDPR)


Instructor: Carolyn Troiano
Product ID: 706951
Training Level: Intermediate

  • Duration: 90 Min

The California Consumer Privacy Act (CCPA) was enacted into law on June 28, 2018 and became effective on January 1, 2020. CCPA provided a variety of consumer privacy rights and the obligations of business related to their storage and sale of personal information.

Voters in California voted to approve Proposition 24, a ballot measure, on November 3, 2020, which created the California Privacy Rights Act (CPRA). The purpose of CPRA was to modify and expand the requirements of the CCPA, thus amending the original act. CPRA is commonly referred to as “CCPA 2.0.”

CPRA ends the ban on providing the CCPA’s consumer privacy rights to a company’s employees. Under CPRA, all employers must respond to requests from employees to access or correct their personal data. Enforcement of CPRA will become effective in July 2023, enabling companies six months to ramp up their efforts to comply with it.

CPRA also extends new protections to consumers residing in California. Those organizations doing business with these consumers are subject, based on defined threshold of operation, to the compliance requirements.

Last Recorded Date: Feb-2024


1 Person Unlimited viewing for 6 month info Recorded Link and Ref. material will be available in My CO Section
(For multiple locations contact Customer Care)

Downloadable file is for usage in one location only. info Downloadable link along with the materials will be emailed within 2 business days
(For multiple locations contact Customer Care)



Customer Care

Fax: +1-650-362-2367

Email: [email protected]

Read Frequently Asked Questions



Similarly, HIPAA and GDPRs extend protections to consumers residing in the US and the EU. These will be discussed along with the requirements for compliance.

The California Privacy Rights Act (CPRA) passed by voters in 2020 came into effect on January 1, 2023. It is considered to be an amendment to the California Consumer Privacy Act (CCPA). In this webinar, we will discuss the key changes to California’s landmark CCPA that included in the CPRA and what businesses have to do to comply with the law.

We will discuss the differences between the CPPA and the CPRA, which adds some consumer rights in California. All of the consumer rights extended by both the CCPA and the CPRA will be delineated and explained. The CPRA also defines what is meant by a business, service provider, contractor, and third party. Further, it defines what is meant by the sale of personal information, the sharing of personal information, and sensitive personal information.

We will also discuss the thresholds required for the CPRA to be applicable to a company, and if it does apply, how a company can prepare by making any necessary policy or procedural changes in order to comply.

During this webinar, we will also cover the Health Information Portability and Accountability Act (HIPAA) in the US and the General Data Protection Regulation (GDPR) that is in effect to protect citizens’ personal data when they reside in the European Union (EU). We will compare and contrast these with the CPRA, providing specific requirements and how industry subject to these regulations can meet compliance.

Why Should You Attend:

Any company that does business in the state of California must understand the rules that would force them to comply with both the CCPA and the CPRA amendment to it. Knowing whether these apply to your company is critical in order to fully prepare and be in compliance by July 2023, as any company doing business in California and meeting the thresholds described must comply by that date. This may mean a change to existing policies and procedures, and creating any necessary mechanisms for handling personal information of California residents in compliance with the rule.

Companies doing business in the US must also adhere to the HIPAA regulation, and those companies that hold personally identifiable data of individuals residing in the EU must meet the GDPRs.

We will discuss the specifics about these three regulations, indicating how they are similar and dissimilar, and the requirements that must be met.

It is important to know whether CPPA, CPRA, HIPAA, and/or GDPRs apply to your company, what obligations you may have imposed on your company as a result, and what you must do to comply with these.

Areas Covered in the Webinar:

  • The California Privacy Protection Act (CPPA)

  • The California Privacy Rights Act (CPRA)

  • New consumer rights extended to those residing in California through the amended CPPA, or CPRA
  • Enforcement obligations for the CPPA and CPRA
  • The California Privacy Protection Agency, newly created as part of the CPPA

  • Delineation by thresholds of which companies operating in California are obligated to comply
  • Specific obligations of companies that are subject to CPPA and CPRA
  • Actions companies may take to ensure compliance with the CPPA and CPRA
  • Definitions of sale, sharing, and related terms intended to describe actions by a company related to a consumer’s personal information
  • Privacy policies and procedures to be considered by companies obligated to comply
  • Actions consumers may take in a case where a company misuses their personal information or otherwise fails to comply with CPPA and/or CPRA
  • Health Information Portability and Accountability Act (HIPAA)

  • General Data Protection Regulation (GDPR)

Who Will Benefit:

This webinar is intended for those involved in planning, execution and support of computer system validation activities, working in the FDA-regulated industries, including pharmaceutical, medical device, biologics, tobacco and tobacco-related products (e-liquids, e-cigarettes, pouch tobacco, cigars, etc.). Functions that are applicable include research and development, manufacturing, Quality Control, distribution, clinical testing and management, sample labeling, adverse events management and post-marketing surveillance.

Examples of who will benefit from this webinar include:

  • Information Technology Analysts
  • Information Technology Developers and Testers
  • QC/QA Managers and Analysts
  • Analytical Chemists
  • Compliance and Audit Managers
  • Laboratory Managers
  • Automation Analysts
  • Manufacturing Specialists and Managers
  • Supply Chain Specialists and Managers
  • Regulatory Affairs Specialists
  • Regulatory Submissions Specialists
  • Risk Management Professionals
  • Clinical Data Analysts
  • Clinical Data Managers
  • Clinical Trial Sponsors
  • Computer System Validation Specialists
  • GMP Training Specialists
  • Business Stakeholders/Subject Matter Experts
  • Business System/Application Testers

This webinar will also benefit any vendors and consultants working in the life sciences industry who are involved in computer system implementation, validation and compliance.

Instructor Profile:
Carolyn Troiano

Carolyn Troiano
ERP Project Manager, City of Richmond

Carolyn Troiano has more than 30 years of experience in the tobacco, pharmaceutical, medical device and other FDA-regulated industries. She has worked directly, or on a consulting basis, for many of the larger pharmaceutical and tobacco companies in the US and Europe, developing and executing compliance strategies and programs.

Carolyn is currently active in the Association of Information Technology Professionals (AITP), and Project Management Institute (PMI) chapters in the Richmond, VA area.

Follow us :



Refund Policy

Our refund policy is governed by individual products and services refund policy mentioned against each of offerings. However in absence of specific refund policy of an offering below refund policy will be effective.
Registrants may cancel up to two working days prior to the course start date and will receive a letter of credit to be used towards a future course up to one year from date of issuance. ComplianceOnline would process/provide refund if the Live Webinar has been cancelled. The attendee could choose between the recorded version of the webinar or refund for any cancelled webinar. Refunds will not be given to participants who do not show up for the webinar. On-Demand Recordings can be requested in exchange. Webinar may be cancelled due to lack of enrolment or unavoidable factors. Registrants will be notified 24hours in advance if a cancellation occurs. Substitutions can happen any time. On-Demand Recording purchases will not be refunded as it is available for immediate streaming. However if you are not able to view the webinar or you have any concern about the content of the webinar please contact us at below email or by call mentioning your feedback for resolution of the matter. We respect feedback/opinions of our customers which enables us to improve our products and services. To contact us please email [email protected] call +1-888-717-2436 (Toll Free).




6201 America Center Drive Suite 240, San Jose, CA 95002, USA

Follow Us

facebook twitter linkedin youtube


Copyright © 2023 MetricStream
Our Policies: Terms of use | Privacy

PAYMENT METHOD: 100% Secure Transaction

payment method