An organization’s public-facing privacy notice (a.k.a., its privacy policy) is arguably the most important document that no one ever reads. No one in the purported audience, that is. Notwithstanding the stated intent of the California Privacy Rights Act (CPRA) to “help consumers become more informed” about data collection and management practices, the cynic in me suspects that the primary readers of any company’s privacy policy will be the regulators.
And given the CPRA’s creation of the California Privacy Protection Agency—a new regulatory body with a $10 million annual budget—drafters of privacy policies would do well to write with this audience, ...