Just days before the enforcement of the California Consumer Privacy Act (CCPA) began on July 1st, 2020, the California Privacy Rights Act (CPRA) received enough signatures to qualify to be on the November ballot. This ballot initiative, also referred to as Prop 24, was drafted by the non-profit organization Californians for Consumer Privacy, and looks to extend and clarify several of the provisions in existing California privacy law. If this measure is approved, it will have major impacts on any company that works with the data of a California citizen.
The new California Privacy Rights Act incorporates the provisions set forth by the California Consumer Privacy Act (CCPA), but imposes new substantive obligations on businesses, grants consumers new rights, and modifies the CCPA’s enforcement provisions. Alastair Mactaggart, one of the main proponents of the ballot initiative that later served as the foundation of the CCPA, believes that the CCPA serves as a great baseline, but thinks that there are additional rights that California residents deserve.
The CCPA defined a “business” as any entity that operates for the profit or financial benefit of its shareholders that collects consumers’ personal information that does business within the State of California that meets one or more of the following thresholds
The CPRA adjusts this definition by
While it is widely regarded that the CPRA ballot initiative is likely to pass, businesses should continue to progress and maintain their CCPA compliance efforts. However, they should also monitor privacy developments not only in California but also at the federal level. If the CPRA is not approved, then businesses should prepare for the January 1st, 2021 expiration of the temporary exemptions for employee and business to business information.
In order to adhere to the expanding data privacy regulations, organizations will have to follow common core principles and practices of data privacy and security. In order to do so, they should:
Farrah Gamboa is a Director of Technical Product Management at Stealthbits – now part of Netwrix. She is responsible for building and delivering on the roadmap of Stealthbits products and solutions.
Since joining Stealthbits in 2012, Farrah has held multiple technical roles, including Scrum Master and Quality Assurance Manager. Farrah holds a Bachelor of Science degree in Industrial Engineering from Rutgers University
Proper data security begins with a strong foundation. Find out what you're standing on with a free deep-dive into the security of your Structured and Unstructured Data, Active Directory, and Windows infrastructure.Read more
Start a Free Stealthbits Trial!
No risk. No obligation.