The California Consumer Privacy Act CCPA was established as a law by the state legislator on June 28, 2018, to protect the consumer’s privacy throughout the golden state. CCPA went into effect on January 1, 2020, providing California residents with the right to data privacy and regulating how businesses handle personal information.
However, on October 17, 2022, several revised modifications were added to the privacy data CCPA, and companies across California should abide by these new amends in 2023. This recent and significant update, CPRA California Privacy Rights Act, includes new regulations. It has been in effect since January 1, 2023, forcing companies and organizations to prepare their data mechanism to comply with the recent changes.
On November 3, 2020, California voters favored Proposition 24, also known as the CPRA. This law provides consumers additional protection and includes a series of efficient privacy rights. It is sometimes referred to as “CCPA 2.0.”, but it does not replace CCPA.
The CCPA consisted of several rights: the right to know, the right to delete, the right to opt out of a sale, and the right to non-discrimination. However, the CPRA added a few alterations and new amendments:
The right for users to request correct inaccurate PII (personally identifiable information) and SPI (sensitive personal data)
The right to limit or disclose SPI “sensitive personal information.” The SPI includes the following points: biometric and genetic data, social security, driver’s license, passport number, state identification card, passwords, debit and credit card numbers, racial, ethnic origins, or religious details, union membership, and location.
The right for California residents to opt out of any profiling being shared or sold to third parties. Organizations will also face penalties if they sell and share personal information regarding minors without any parental or guardian consent.
The ability to allow consumers to request from businesses “look back” on all the personal data that was gathered, with whom, and how it was shared, dating back to 12 months. This “look back” provision can be provided from January 1, 2022, until the CPRA becomes effective on January 1, 2023.
It is required under CPRA to retain a minimum amount of data that is only essential for the organization to fulfill its requirements. In addition, businesses should not keep data for longer than necessary; if they do, a justification must be presented, and they must notify the user. The criteria to Comply with CPRA remained almost the same as in CCPA, but with a slight change:
Businesses should comply if they obtain a revenue of more than $25 million or gain 50% from selling personal data.
Businesses should comply if they process data of more than 100,000 users instead of 50,000.
The California Privacy Protection Agency was created to enforce the CPRA starting July 1, 2023. It is responsible for raising awareness about data privacy and ensuring that consumers’ rights are protected while implementing penalties on non-compliant entities.
Suppose you’re a business owner in California. In that case, it’s essential to be aware of the recent changes in California privacy laws 2023 to ensure your company is abiding by the rules to prevent extreme fines and damages to your business.
Relying on software and applications is the perfect solution for organizations to regulate all the data they retain while following the requirements to comply with the CCPA in 2023.
Andreas Springer _Actonic_
Head of Marketing
Actonic GmbH
Germany
2 accepted answers
1 comment