The California Privacy Rights Act (CPRA) is now on the statute books for the State of California, and expands the scope of the recent California Consumer Privacy Act.  Broadly, both come into effect fully in January of 2023 (some of the employee data provisions are held over), so if you do business in California, then you had better check this out now.  What is critical is that for the first time, enacting state law is no longer the remit of the Attorney General when a formal Committee takes on the role like the UK Information Commissioner or the European Data Protection Board. This Agency have full administrative power, authority, and jurisdiction to implement and enforce the CCPA.  This CPRA extends definitions to cover personal sensitive and personal information.  This now includes social security numbers, tax details, driver’s licenses, passport, green cards, online credentials, financial information, and a whole lot more.  Approximating now to the EU GDPR.  Consumers now have rights to correct personal information and how long its kept. Can opt out of advertising, and limit how sensitive information is used.  Employee Data is included, as are the rights to liability claims from negligent abuse of the legislation’s terms or rogue disclosure.

Leave a Reply