The California Consumer Privacy Act (CCPA), which became effective on January 1, 2020, substantially increased the privacy rights of California consumers.  The organization known as “Californians for Consumer Privacy” believes the CCPA does not go far enough.  This group is said to have obtained over 900,000 signatures on a petition in support of a new law which would be known as the California Privacy Rights Act (“CPRA”).  This proposed legislation is likely to be included on the California ballot this November. Although all of the specifics of the CPRA are not yet clear, it would include the following:

  1. Additional rights regarding personal information;
  2. Increased punishments regarding the assemblage and transaction of information of minors; and
  3. Creation of an agency to enforce privacy rights.

The CPRA would also increase fines for violations of the CCPA pertaining to the private information of minors. Currently, the CCPA includes penalties of $2,500.00 per violation and up to $7,500.00 for intentional violations. The CRPA would raise these penalties to $7,500.00 per violation and $22,500.00 per intentional violation. This could result in massive penalties as violations are based upon fragments of personal information obtained, and businesses typically collect many such fragments including names, addresses, account information, phone numbers, and email addresses. 

The CPRA’s proposed enforcement agency would supplement the California Attorney General, which is charged with enforcing the CCPA. 

[article_ad]

Privacy Rights Are Here to Stay

Calls for the regulation of privacy rights are on the increase. The proposed CPRA demonstrates California consumers’ significant desire to protect their personal information from use by businesses in ways they do not intend.  Because the CCPA became effective on January 1, 2020, businesses should already be following their security policies and procedures regarding consumers’ personal information. Businesses not in compliance should take immediate steps to do so since the California Attorney General has pledged to meet its July 1, 2020 deadline to begin enforcement.  If the CPRA passes in November of this year, businesses that deal with personal information of California residents will have even more obligations.

--

Editor’s Note: This article was originally published on Messer Strickler’s blog and is republished here with permission.


Advertisement