Privacy law has been a hot topic in California. It was not too long ago that the California Legislature passed the California Consumer Privacy Act (the “CCPA”). In fact, it was so recent that the CCPA officially went into effect at the beginning of 2020, with the enforcement period commencing as of July 1, 2020.
Despite the recent passage of the CCPA, the California Legislature is seriously discussing the passage of another privacy law by the end of 2020.The new privacy legislation is currently referred to as the California Privacy Rights Act (the “CPRA”).
Overview of the New Privacy Legislation
The CPRA is essentially a proposed addendum to the CCPA with the intention of filling in specific gaps and loopholes in the current law. The CPRA was a ballot initiative (Proposition 24) that the California voters approved earlier this month. The CPRA will have significant ramifications for individuals and businesses operating in the state. For example, the CPRA calls for the creation for a new agency (i.e. the California Privacy Protection Agency) that would be empowered to enforce privacy laws in California. This would likely be game-changer for many business owners and involve a significant investment in time and resources to fully audit your company’s compliance with California privacy laws. Under current law, the Attorney General’s office is empowered to enforce the CCPA and other privacy laws, according to Digiday.
Another major element of the CPRA is the addition of a new category of personal information. Specifically, the CPRA creates a new sub-category – “sensitive” personal information. This would entail additional compliance requirements to protect sensitive personal information, such as:
- Log-in credentials;
- Precise geolocation data;
- Race or ethnicity;
- Biometric data; and
- Data related to someone’s “sex life” or sexual orientation.
Another major component of the CPRA would be the requirement that companies take responsibility for the actions of other companies that utilize personal information of California residents. For example, the CPRA would mandate that a company engage in active monitoring of its third party service providers, such as advertising companies that process data to effectively engage in ad targeting. The CPRA would also give individuals the ability to submit a correction to personal information maintained by companies.
When Would the CPRA Go Into Effect?
The CPRA will not go into effect until January 1, 2023. However, the law would apply to any data collected by companies starting on January 1, 2022.
Looking for Assistance in Complying with California Privacy Laws? Contact an Experienced Business Lawyer in Los Angeles Today
As you can see, the privacy landscape in California is still being defined and can be difficult to navigate, especially for start-ups and small businesses. If you need assistance developing an information protection plan or complying with the CCPA, contact Hakim Law Group today. Hakim Law Group represents a wide range of entrepreneurs, operating companies, venture capital firms, and financiers in numerous sectors of the economy. We possess the experience, knowledge and professionalism to produce more efficient, responsive and effective results for our clients. To schedule a consultation or for further information please contact HLG at (310) 993-2203 or visit www.HakimLawGroup.com to learn more.