On November 4, 2020, California voters approved of the ballot initiative Proposition 24, more commonly known as the California Privacy Rights Act (the “CPRA”). The CPRA goes into effect on January 1, 2023, and will expand several of the existing protections in the California Consumer Privacy Act (the “CCPA”).
CPRA creates some of the following new rights and requirements:
- Right to restrict use of “sensitive personal information”;
- Right to correct data;
- Storage limitation: right to prevent companies from storing information longer than necessary and right to know the length of time a business intends to retain each category of personal information;
- Data minimization: right to prevent companies from collecting more information than necessary;
- Right to opt out of advertisers using precise geolocation (< than 1/3 mile);
- Penalties if email address and email password are stolen due to negligence;
- Restrictions on onward transfers of personal information;
- Establishes California Privacy Protection Agency to protect consumers;
- Requires high risk data processors to perform regular cybersecurity audits and risk assessments; and
- Requires the appointment of a chief auditor with power to audit businesses’ data practices.
Taken from the CFPB Public Site
We are licensed in California and would love to hear from you, should you need help with your compliance program.
Nelson A. Locke, Esq
Compliance Services, USA