Finally — 2020 is almost over. But before you breathe that sigh of relief, ask yourself: Am I prepared for the impending changes to privacy compliance laws? Whether you’re a PI-pro, or wishing we were talking pie instead — stick around. Our team has a huge pile of resources for you to ring in the New Year with a stress-free compliance plan.
Let’s take a quick dive into the complex world of California consumer protection laws.
Basics, Please. What are these acronyms?
CCPA is the California Consumer Privacy Act. CPRA is the California Privacy Rights Act.
Good start. What is CCPA?
CCPA was adopted in 2018, and chances are, you’re already compliant within your organization (particularly if you do a lot of business in California). But for the uninitiated, and per the Golden State’s Department of Justice, CCPA gives California consumers rights that include:
- The right to know about the personal information a business collects about them and how it is used and shared;
- The right to delete personal information collected from them (with some exceptions);
- The right to opt-out of the sale of their personal information; and
- The right to non-discrimination for exercising their CCPA rights.
Fair enough. So what’s the deal with CPRA?
The citizens of California voted for CPRA via a ballot measure on Nov. 3, 2020. It takes CCPA and, basically, bolsters it quite a bit. For you, this means taking a look at your current compliance in terms of protecting your clients’ privacy. CPRA is way more specific.
Does CPRA replace CCPA?
Nope. It serves more to augment the initial law, rather than replace it. What’s the best way to break down the differences? Attend our upcoming Web Briefing — here’s a sneak preview of this session. Hear a conversation between Data Connectors Chief Strategy Officer Michael Hiskey and Spirion’s Scott Giordano from the Atlanta Virtual Cybersecurity Summit in the video below:
There are 49 other states aside from California, and I’m in one of them. Does this apply to me?
You have to meet one of three standards to fall under the law.
- Your business pulls at least half of your annual revenue from sharing or selling the personal information of California customers.
- Your business has a gross revenue greater than $25 million.
- Your business buys/sells/shares the personal information of greater than 100,000 California customers or households.
Remember — all you need is ONE of those three. That makes this legislation fairly far-reaching, much like many of the state’s consumer protection laws.
For instance, anyone who has ever manufactured and sold a product to anyone in the U.S. knows that California laws strong-arm the entire industry into posting CA Prop. 65 warnings on, well, basically everything (we’re talking aloe vera, parking garages, and coffee). That means that even if you roast your coffee beans in Oregon, but sell them over state lines, you need to carry a Prop. 65 warning on your packaging.
So, if you meet the criteria, welcome to the wild West Coast. You’re expected to comply with CPRA as well as its predecessor, CCPA. And, if your goal is customer happiness and good business practice, then it makes sense to adhere to these guidelines — even if you have a very small number of customers or clients from California.
The challenge is in preparing your business for CPRA compliance — and in a hurry. The measure that passed in November is going into law on January 1, 2021.
This is bigger than me. How do I learn more?
Fortunately, you don’t need a degree from a prestigious California law school to navigate these laws, because Spirion’s Scott Giordano already did that for you. Hop onto our Web Briefing on Dec. 17th at 2PM ET, and hear from Scott and a full panel of CISOs on how to help your business handle these changes and protect your customers’ data.