As enterprise risk management leaders take stock of the year ahead, the raft of imminent new privacy laws and regulations present a risk that organizations simply cannot afford to ignore.

On January 1, 2023, the California Privacy Rights Act (CPRA) will officially go into effect, expanding the rights of consumers over how their private data can be used and, in turn, intensifying the compliance obligations for businesses that operate in the state or have customers who are residents. While it is not the only state law coming into effect in the new year, it merits particular attention as it has the broadest impact.