18 Nov The California Privacy Rights Act Is Coming
On January 1, 2023, the California Privacy Rights Act (CPRA) becomes fully effective. This could change things for some California businesses.
The CPRA was originally passed by popular vote in 2021. More than 56% of the voters who took part in the November election were in favor of the new law. Concerns about privacy, identity theft and the exploitation of personal data led to the creation of the project. The way the law stands, once it goes into effect, it will serve as a continuation of the California Consumer Privacy Act.
What the CPRA does is:
- Create some new definitions of privacy and what is considered private information
- Expand upon consumer rights
The biggest change connected to the CPRA is the California Privacy Protection Agency (CPPA). This is an agency that exists solely for the purpose of making sure that businesses are honoring the letter of the law when it comes to the rights of California’s citizens.
Once the CPRA goes into effect, California residents will be able to:
- Request the correction of any inaccurate information which businesses are required to change the inaccurate information whenever commercially possible.
- To make sure the collected information is minimized as much as commercially possible.
- Be notified whenever a business has a plan to use sensitive personal information.
- Request that the business refrain from sharing the sensitive personal information.
In addition to providing California residents with some new rights, the CPRA also expanded on some of the rights created by the CCPA, rights that some residents didn’t know they were entitled to.
The expanded rights include:
- Opt out of having their personal information shared with a third party.
- The ability to pursue a civil case against any business that shares extremely sensitive information, particularly passwords and account numbers.
- The right to see exactly what personal information the business is sharing.
When the CPPA goes into effect, it will impact businesses that:
- Have a gross annual revenue that exceeds $25 million.
- Handles the private information of at least 100,000 California residents.
- Uses the sale of private information for at least 50% of the annual revenue.
It will be interesting to see if additional steps will be taken that will make it even harder for California businesses to buy and sell personal information.