Securiti’s CPRA assessment evaluates your readiness for CPRA and reviews how compliant your current practices are. This assessment highlights any deficiencies in your practices and aids your CPRA compliance efforts.
For more information about the California Privacy Rights Act (CPRA) and how to kickstart your CPRA compliance program, see our CPRA Compliance Checklist here and download our white paper on 7 Essential Tips to Prepare for the CPRA.
The California Privacy Rights Act (CPRA) is on the ballot this November. It is expected to change the legal landscape of data privacy regulation by bringing significant changes to the California Consumer Privacy Act (CCPA) and imposing stricter obligations on businesses. Some of the key changes that will be introduced by the CPRA are as follows:
The CCPA currently applies to businesses who operate in California which:
The CPRA will only apply to businesses who operate in California, which:
November 2002: Ballot results are certified and CPRA is enacted if voted in
January 2021: CPRA becomes operative
February 2021: California Privacy Protection Agency gets established
July 2021: Rulemaking process commences
January 2022: 12-month lookback period for collected data commences
July 2022: Deadline for CPPA to adopt final regulations
January 2023: CPRA becomes fully operative and enforceable; employment and B2B exemptions expire, and those datasets become fully integrated by the CPRA
One of the strongest criticisms of the CCPA was that it failed to create an independent entity for the enforcement of the highly specialized data protection law. The CPRA, however, addresses this by creating a new dedicated enforcement authority, the California Privacy Protection Agency (CPPA).
The CPRA creates a new subset of personal information: sensitive personal information. Businesses cannot use sensitive personal information for purposes other than those for which it was collected unless they provide notice to the concerned consumer along with an opportunity to stop further processing.
The CPRA gives consumers new rights and modifies the already existing rights under the CCPA. Below is a consolidated list of rights under the CPRA:
The CPRA has expanded the types of covered personal information to include emails and passwords, two of the most common types of information leaked in data breach events. The CPRA also clarifies that any implementation of reasonable security measures after the occurrence of a data breach does not cure the violation.
Under the CPRA, businesses are required to honor opt-out and access requests received for the processing of personal information by automated decision-making including profiling. For the purposes of an individual’s right to object to profiling, businesses must provide meaningful information about the logic involved and a description of the likely outcomes of such decision-making processes.
The CPRA has introduced stricter penalties against failure to protect personal information belonging to minors. Any violation of an opt-in sale and share of personal information rule in relation to a minor can result in a $7500 administrative fine, which is three times the minimum amount of $2500. Moreover, the CPRA requires businesses to respect global opt-out preference signals identifying consumers as minors.
The CPRA introduces the following new notification obligations on businesses that were not explicitly part of the CCPA:
The CPRA classifies three distinct categories of entities a business is likely to interact with in relation to the processing of personal information of consumers and requires businesses to have written contracts to engage with them. These categories are contractor, service provider and third-party. Businesses must take reasonable steps to ensure that the entities they are engaging with protect personal information as per the requirements of the CPRA.
Omer Imran Malik (CIPP/US, CIPM) is a data privacy and technology lawyer with significant experience in advising governments, technology companies, NGOs and legislative think tanks on data privacy and technology related legal issues and is an expert in modeling legal models for legal technology. He has been a prominent contributor to numerous esteemed publications, including Dawn News and IAPP, and has spoken at the World Ethical Data Forum as well.
His in-depth knowledge and extensive experience in the industry make him a trusted source for cutting-edge insights and information in the ever-evolving world of data privacy, technology and AI related legal developments.