Framework hub

CPRA

CPPA

California Privacy Rights Act amending CCPA with enhanced consumer rights and CPPA enforcement.

Programme aligned

HLD Group maintains policies and controls mapped to this framework as part of our security and compliance programme. This hub describes programme alignment — not a third-party certification or attestation unless separately agreed in your contract.

Programme focus areas

Sensitive personal information
Automated decision-making
CPPA enforcement

Policies meeting this framework

The following published policies and programme documents are mapped to CPRA. Status: published and under periodic review.

Privacy Policy
How personal data is collected, used, stored, and shared.
v2.0 · review every 365 days
Published
Data classification policy
Classification levels and handling requirements for information assets.
v1.3 · review every 365 days
Published
Data retention & disposal policy
Retention schedules and secure destruction of information.
v1.0 · review every 365 days
Published
Data processing & DPA standards
Processor obligations, subprocessors, and data subject rights.
v1.0 · review every 365 days
Published
Breach notification policy
Notifying regulators, customers, and individuals of data breaches.
v1.0 · review every 365 days
Published
Vendor & third-party risk policy
Assessment and ongoing management of suppliers and subprocessors.
v1.4 · review every 365 days
Published
Risk management policy
Identifying, assessing, and treating organizational risks.
v1.5 · review every 365 days
Published

Assurance note

Programme alignment means HLD maintains controls, policies, and monitoring mapped to CPRA requirements appropriate to our services and risk profile. It does not by itself constitute certification, authorization, or a SOC/ISO audit report. Customers requiring formal attestations should contact [email protected].