The California Privacy Rights Act (CPRA) is a new privacy law that was passed by California voters in November 2020. It is an amendment to the California Consumer Privacy Act (CCPA) and is set to go into effect on January 1, 2023. The CPRA expands and strengthens the privacy rights of California residents and imposes new obligations on businesses that collect and use personal information.
Proposition of 24, the California Privacy Rights Act of 2020, was passed by the electorate in November 2020. A privacy law in California, known as the California Privacy Rights Act (CPRA), went into force on January 1, 2023. The CCPA has been modified into the CPRA. On July 1st, 2023, the execution will start. This is regarded as the most comprehensive state data protection law in the US.
The CPRA concentrates on Californians' rights, strengthening the state's already-existing privacy protections. Additionally, they presented new rights and organisations that will be in charge of assuming the responsibility for rulemaking.
The CPRA also creates a new agency, the California Privacy Protection Agency (CPPA), which will be responsible for enforcing privacy laws and regulations in California. The CPPA will have the authority to investigate violations of the CPRA, issue fines, and bring legal action against businesses that fail to comply with the law.
Overall, the CPRA provides California residents with enhanced privacy rights and protections, while imposing new obligations and requirements on businesses that collect and use personal information. Businesses operating in California should start preparing for compliance with the new law to avoid penalties and fines.
Understand the new requirements: Businesses should become familiar with the new requirements and obligations under the CPRA. This includes new data retention requirements, limitations on the use of sensitive personal information, new rules regarding data sharing and third-party disclosure practices, and the establishment of data inventory and mapping procedures.
Conduct a privacy assessment: Businesses should conduct a comprehensive privacy assessment to identify the personal information that they collect, use, and share. This includes an inventory of personal information and an analysis of the business’s privacy practices, policies, and procedures.
Implement data protection measures: Businesses should implement reasonable security measures to protect personal information. This includes measures such as access controls, data encryption, and incident response plans.
Review and update privacy policies: Businesses should review and update their privacy policies to ensure compliance with the CPRA. This includes updating policies related to sensitive personal information, data retention, and data sharing practices.
Establish procedures for responding to consumer requests: Businesses should establish procedures for responding to consumer requests related to their personal information. This includes procedures for deleting personal information, providing access to personal information, and opting-out of the sale or sharing of personal information.
Train employees: Businesses should train employees on the new requirements and obligations under the CPRA. This includes training on data protection measures, data inventory and mapping procedures, and procedures for responding to consumer requests.
Work with service providers and vendors: Businesses should work with their service providers and vendors to ensure compliance with the new requirements under the CPRA.
Only a year after the California Consumer Privacy Act (CCPA) went into effect, California's data privacy regime has been substantially updated with the passage of the California Privacy Rights Act (CPRA).The California Privacy Rights Act (CPRA) is a blatant indication that the US data privacy frontier is being advanced at full pace by the Golden State.Now that the CPRA is in full force (since January 1, 2023) websites, businesses and organizations, who have users from California should prepare for compliance.
click here to read more about California Privacy Rights Act