If your business is already compliant with CCPA, then it is time to start preparing for the California Privacy Rights and Enforcement Act (CPRA), which will replace CCPA on Jan 1, 2023. The law looks to align more closely with European Union General Private Data Regulation (GDPR).
Fewer businesses will be affected by the CPRA than those before it, as the guidelines will then cover those who buy, receive, or sells at least 100,000 customers’ information. The annual revenue thresholds remain unchanged.
The new law does add more information to be covered as “personal,” including social security, driver’s license, and financial account numbers. It also includes genetic and health data, as well as known political beliefs or religious background.
In addition to the ability to opt out of information storage, customers are now able to ask for their information to be corrected. They can also opt out of data sharing for the purpose of digital advertising.
The maximum penalty for offenses involving consumers under 16-years-old will triple, and the California Privacy Protection Agency (CPPA) will become the sole authority on penalties.