Voters approved the California Privacy Rights and Enforcement Act (CPRA), which in part limits how organizations can use personal data. Legal experts expect other states to follow suit.
On November 3, California citizens approved the California Privacy Rights and Enforcement Act (the CPRA), a comprehensive privacy law that amends another privacy law that went into effect in the state on January 1, the California Consumer Privacy Act (CCPA). The CPRA is intended to strengthen privacy regulations in California by creating new requirements for companies that collect and share sensitive personal information. It also creates a new agency, the California Privacy Protection Agency, that will be responsible for enforcing CPRA violations.
Most privacy attorneys agree that the CPRA was created with the European Union’s General Data Protection Regulation (GDPR) in mind, adding teeth to the stipulations that existed in the CCPA. Consumers will be able to correct inaccurate personal information that business hold, and fines are steep for violating the children’s data protection requirements under the CPRA. Most of the law’s provisions will go into effect on January 1, 2023, with some provisions requiring a look-back to 2022.
The CPRA defines “sensitive personal information” to include an expansive range of data elements, including government-issued identifiers such as drivers licenses, passports, and Social Security numbers as well as financial account information, geolocation, race, ethnicity, religion, union membership, personal communications, genetic and biometric data, health information, and information about sex life or sexual orientation.
This article appeared in CSO Online. To read the rest of the article please visit here.