With less than a year before the California Privacy Rights Act of 2020 (CPRA) becomes effective in 2023, it is critical for fund managers to carefully assess and update their privacy compliance programs to minimize risks. The CPRA is the most restrictive U.S. data protection law, with severe restrictions on consumer profiles, its own enforcement agency and substantial penalties. Even managers that have implemented compliance programs for the the California Consumer Privacy Act of 2018 will need to consider how to enhance those programs to meet CPRA requirements. This article distills insights offered at the Privacy + Security Forum Spring Academy by speakers from Dentons, Exterro and Managed Privacy Canada on the CPRA and other state privacy law developments, as well as the enforcement landscape. For more on privacy, see “Navigating the Intersection of Blockchain and Data Privacy Laws” (Jun. 2, 2022).