• Data Privacy: Navigating CPRA, HIPAA & GDPR Compliance Requirements for Industry
  • Data Privacy: Navigating CPRA, HIPAA & GDPR Compliance Requirements for Industry

    • Speaker : Carolyn Troiano
    • Session Code : CTAPR2123
    • Date : 21st April 2023
    • Time : This Event is Over and the Recorded Content is Available
    • Duration : 90 Mins



The California Privacy Rights Act (CPRA) passed by voters in 2020 came into effect on January 1, 2023. It is considered to be an amendment to the California Consumer Privacy Act (CCPA). In this webinar, we will discuss the key changes to California’s landmark CCPA that included in the CPRA and what businesses have to do to comply with the law.


We will discuss the differences between the CCPA and the CPRA, which adds some consumer rights in California. All of the consumer rights extended by both the CCPA and the CPRA will be delineated and explained. The CPRA also defines what is meant by a business, service provider, contractor, and third party. Further, it defines what is meant by the sale of personal information, the sharing of personal information, and sensitive personal information.


We will also discuss the thresholds required for the CPRA to be applicable to a company, and if it does apply, how a company can prepare by making any necessary policy or procedural changes in order to comply.


During this webinar, we will also cover the Health Information Portability and Accountability Act (HIPAA) in the US and the General Data Protection Regulation (GDPR) that is in effect to protect citizens’ personal data when they reside in the European Union (EU). We will compare and contrast these with the CPRA, providing specific requirements and how industry subject to these regulations can meet compliance.


Areas covered during the session:


  • The California Privacy Protection Act (CPPA)
  • The California Privacy Rights Act (CPRA)
  • New consumer rights extended to those residing in California through the amended CPPA, or CPRA
  • Enforcement obligations for the CPPA and CPRA
  • The California Privacy Protection Agency, newly created as part of the CPPA
  • Delineation by thresholds of which companies operating in California are obligated to comply
  • Specific obligations of companies that are subject to CPPA and CPRA
  • Actions companies may take to ensure compliance with the CPPA and CPRA
  • Definitions of sale, sharing, and related terms intended to describe actions by a company related to a consumer’s personal information
  • Privacy policies and procedures to be considered by companies obligated to comply
  • Actions consumers may take in a case where a company misuses their personal information or otherwise fails to comply with CPPA and/or CPRA
  • Health Information Portability and Accountability Act (HIPAA)
  • General Data Protection Regulation (GDPR)
  • Q&A


Why should you attend?


Any company that does business in the state of California must understand the rules that would force them to comply with both the CCPA and the CPRA amendment to it. Knowing whether these apply to your company is critical in order to fully prepare and be in compliance by July 2023, as any company doing business in California and meeting the thresholds described must comply by that date. This may mean a change to existing policies and procedures, and creating any necessary mechanisms for handling personal information of California residents in compliance with the rule.

Companies doing business in the US must also adhere to the HIPAA regulation, and those companies that hold personally identifiable data of individuals residing in the EU must meet the GDPRs.

We will discuss the specifics about these three regulations, indicating how they are similar and dissimilar, and the requirements that must be met.

It is important to know whether CPPA, CPRA, HIPAA, and/or GDPRs apply to your company, what obligations you may have imposed on your company as a result, and what you must do to comply with these.


What industries will benefit from your training?


Social Media, Sales & Marketing, Government, Manufacturing, Testing, Packaging and Distribution companies in the following industries that are regulated by FDA are required to follow GxPs:


  • Pharmaceutical (for drug/tobacco/e-liquid products introduced using a medical device)
  • Medical Device, where there is integration with e-liquid and/or tobacco products
  • Tobacco (based on the Tobacco Control Act of 2009)
  • E-Liquid/Vapor (based on the “Deeming” Act of 2016)
  • E-Cigarette (based on the “Deeming” Act of 2016)
  • Cigar (based on the “Deeming” Act of 2016)
  • Third-Party companies that support those in the above industries, whether partnering or consulting


Who will benefit?


Personnel in the following roles will benefit:


  • Information Technology Analysts
  • QC/QA Managers
  • Retailers
  • Marketers
  • Sales Managers
  • Publishers
  • Editors
  • Website Administrators
  • Legal Professionals
  • Regulatory Professionals
  • Government Agencies
  • Clinical Data Managers
  • Compliance Managers
  • Manufacturing Managers
  • Supply Chain Specialists
  • Business Stakeholders responsible for data privacy
  • Consultants working in the life sciences industry who are involved in assuring data privacy
  • Auditors engaged in the internal inspection of records and practices related to privacy data

Carolyn Troiano has more than 35 years of experience in computer system validation in the pharmaceutical, medical device, animal health, tobacco and other FDA-regulated industries. She is currently an independent consultant, advising companies on computer system validation and large-scale IT system implementation projects.


During her career, Carolyn worked directly, or on a consulting basis, for many of the larger pharmaceutical companies in the US and Europe. She developed validation programs and strategies back in the mid-1980s, when the first FDA guidebook was published on the subject, and collaborated with FDA and other industry representatives on 21 CFR Part 11, the FDA’s electronic record/electronic signature regulation.

Carolyn has participated in industry conferences. She is currently active in the PMI, AITP, and RichTech, and volunteers for the PMI’s Educational Fund as a project management instructor for non-profit organizations.

Write a review

Please login or register to review

Enrollment Options


Tags: Data Privacy, CPRA, HIPAA, GDPR, Compliance, Carolyn, Troiano, April 2023, Webinar