BY Stephen Cavey | 24 November 2020
On November 3, 2020, California voters approved Proposition 24, establishing the California Privacy Rights Act (CPRA) as the most comprehensive consumer data privacy law in the United States. Commonly referred to as the CCPA 2.0, the law amends the California Consumer Privacy Act (CCPA) and expands the rights of California residents beginning on January 1, 2023.
While the CPRA won’t take effect until 2023, the law builds on the foundation of the CCPA and aims to enhance consumer privacy protections, as well as the obligations for companies and organizations that process personal information. There are a number of changes that organizations will need to become familiar with, but below are some specific changes to pay attention to:
These are just small samples of some of the changes under the CPRA. Representing the next generation of consumer data privacy laws, the CPRA is the next step for the world’s fifth largest economy to protect its residents and make the companies that do business in California more responsible with all forms of consumer data.
The CCPA was already often referred to as the “American GDPR” and the CPRA will further this by introducing several changes to consumers’ rights and the definition of personal information. With the implementation of the CPRA, the following concepts will be introduced:
These changes illustrate the evolution of consumer data privacy not just in the United States, but across the world. As consumers continue to interact, shop and share online, they are creating digital twins of themselves that businesses can use to get a better understanding of their target audience and customers. However, it is imperative that organizations take the time to understand the nuances of the CPRA or they run the risk of a compliance breach or loss of customer trust.
For businesses now looking to prepare for the CPRA implementation date, there are several steps to take. For starters, organizations will need to know if they are subject to the provisions within the CPRA. A good rule of thumb is that if your organization is subject to the CCPA, then you likely will also need to achieve CPRA compliance.
Next, know the key dates. For the CPRA, organizations will need to achieve compliance by July 1, 2023, three years following the CCPA enforcement date. But organizations should also keep in mind that the CPRA has a “look back” clause that applies to all data collected starting on January 1, 2022. So starting your compliance journey early and effectively will be critical to avoiding falling victim to this look back period.
And of course, businesses looking to achieve CCPA compliance and prepare for the CPRA must have the right tools in place to ensure compliance, starting with data discovery. By taking a no-assumptions based approach, through data discovery organizations will have a more holistic view of their data management strategies and locate missing or sensitive data because CPRA doesn’t differentiate between the data you know you store and don’t know about.
Ground Labs’ premier and award-winning data discovery software Enterprise Recon is able to detect over 300 types of structured and unstructured data, including CCPA-specific PII patterns. With the ability to map data across networks, servers, and platforms and demonstrate CCPA and CPRA compliance with custom reporting, your organization can proactively prepare for any data security challenge that comes your way.
If you are interested in learning more about the nuances and impact of the CPRA on the evolution of data privacy, check out my latest in Risk Management Magazine here.
Ready to learn how Ground Labs can help you and your organizations begin their path to CCPA and CPRA compliance? Schedule a demo today to find out more.
Share this article!
Want to keep up with all our blog posts? Subscribe to our newsletter!
As companies all around the world continue have large portions of their workforce remote, the need to keep their data safe and protected is even more critical. To help companies navigate this new reality and mitigate security risks, we are providing a 90-day complimentary version of our flagship solution—Enterprise Recon. Learn more about it here.
Please submit the form below and we’ll contact you to schedule a discovery call. Want to skip the email? Go here to schedule a meeting directly on our calendar.