WebProNews

Tag: California Consumer Privacy Act

  • Virginia Following California’s Example With Privacy Law

    Virginia Following California’s Example With Privacy Law

    Virginia is poised to join California in enacting comprehensive privacy legislation to protect its citizens.

    Unlike the EU, the US does not have national privacy legislation. As a result, California was the first state to pass such legislation to protect its own citizens. The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. An updated California Privacy Rights Act (CPRA) was approved by voters on November 3, 2020 and goes into effect January 1, 2023. The CPRA builds on the CCPA, adding additional protections.

    Virginia is now on the verge of passing its own privacy legislation, according to Reuters. The Virginia Senate has passed a version of the bill, following the Virginia House’s passage of its own bill a week earlier. The next step is for legislators to reconcile the two bills and pass the reconciled version, which shouldn’t pose a problem since the two bills are almost identical. Once the governor signs the bill into law, it will go into effect January 1, 2023.

    Another state privacy law will further complicate things for companies that will have to abide by multiple state laws. Some companies were already applying the CCPA to all US customers and may decide to do the same with Virginia’s law, should it go into effect.

    Either way, if Virginia passes its own privacy legislation, it will increase pressure on the US government to pass comprehensive federal privacy legislation.

  • California Voters Pass Version 2.0 of the CCPA Privacy Legislation

    California Voters Pass Version 2.0 of the CCPA Privacy Legislation

    California voters passed Proposition 24, widely considered to be version 2.0 of the California Consumer Privacy Act (CCPA).

    The CCPA was a ground-breaking piece of legislation for the US, the first of its kind to so vigorously protect the privacy of consumers. In many ways, the CCPA was the American equivalent of the EU’s GDPR. Although the law was unique to California, some industry leaders vowed to apply its protections to all customers, even those outside of California.

    Proposition 24, officially known as the California Privacy Rights Act (CPRA), picks up where the CCPA left off, expanding the CCPA, closing loopholes and increasing protections even more.

    One of the biggest changes is the creation of a new agency that will oversee the enforcement of the regulation. Another change is that the CPRA makes companies collecting data responsible for what any companies they share that data with do with it.

    In addition, the CRPA differentiates between personally identifiable information and sensitive personally identifiable information, such as Social Security number, logins, precise location data and biometrics. This gives companies more options to fine-tune their marketing to use non-personal information, rather than lose access all-together.

    The legislation includes many other improvements, including more opt-in requirements, limits on how long companies may retain personal information, limits to how sensitive personal information may be used, reasonable expectations data will be kept secure, legal options if companies fail to do so and more.

    It’s a safe bet these increased measures and a dedicated enforcement agency will likely increase the CRPA’s reach even more than the CCPA’s. Since companies will be responsible for how third-party partners—including non-California partners—use data, many more companies will likely opt to apply CRPA protections to all of their customers in the interest of simplicity.