On Nov. 3, 2020, California voters approved the California Privacy Rights Act (“CPRA”), which is another step forward in California’s expansion of data protection. The CPRA expands privacy rights under the California Consumer Privacy Act (“CCPA”), which went into effect on Jan. 1, 2020. With the CPRA’s detailed and extensive provisions, its passage appears to move California’s data privacy protections closer to the ones afforded by the European Union’s General Data Protection Regulation (“GDPR”).
The CPRA becomes operative on Jan. 1, 2023, and will apply to personal information collected after Jan. 1, 2022. Civil and administrative enforcement will commence on July 1, 2023. The law is lengthy, expansive, nuanced and subject to further regulations, which makes it important that organizations, including those outside of the state, implement a robust compliance strategy. Our cyber experts have compiled an overview (opens a new window) of the business impacts, consumer rights and best practices to help your business ensure compliance with CCPA.