CCPA & CPRA
The California Privacy Rights and Enforcement Act (CPRA) is a law that was passed on November 4, 2020. The CPRA brings about changes to the prior law on privacy and data protection in California, the California Consumer Privacy Act (CCPA). These changes will come into effect on January 1, 2023.
What is CCPA?
The California Consumer Protection Act (CCPA) is a law that protects consumers’ privacy rights and promotes consumer protection for citizens of California in the United States. Consumers have various rights under the CCPA regulations governing the use, sale or sharing of their personal data with other organisations. It came into effect on January 1, 2020.
Concerns those who:
- Plan on having a marketing website that they want to make CCPA compliant.
- Have a business in California or outside.
- Want to set best practices for data privacy.
- Want to be CCPA compliant.
- Have common branding with a company liable to comply with CCPA; such a business is subject to CCPA compliance, too.
Rights under CCPA enjoyed by consumers/California residents:
- Right to request disclosure.
- Right to opt out.
- Right to know.
- Right to delete.
- Right to equal services and price.
- Right to be notified.
Fine:
Failure to comply with CCPA shall invite a fine of $7,500 per violation for businesses, and $750 per affected person.
What is CPRA?
CPRA applies to California businesses that make a profit of more than $25 million yearly and collect, utilise, and distribute personal information about California residents.
The CPRA aims to supplement, upgrade and build upon the CCPA and shall replace it when it takes full effect from July 2023. It covers the information collected from January 1, 2022, to July 1, 2023.
It is applicable to businesses that deal with the information of at least 100,000 California residents. Along the lines of GDPR, it isn’t necessary for the business to be located in California; if the business so much as interacts with the residents of California, it shall be subject to compliance.
Fine:
Monetary penalties to the tune of $10 million or 3% of the gross global revenue of an organisation, whichever is higher, are imposed for violating the CPPA provisions.
The salient features include:
- CPRA acts as a surveillance and enforcement tool for checking CCPA compliance.
- A special designation is given to Sensitive Personal Data.
- More legal recourse for those falling prey to data thefts and related inconveniences.
- Tripled fines and stricter penalties for crimes involving minors to ensure their protection.
- Restrictions on tracking of data.
- Provision for consumers to report, manage and correct inaccurate personal information/data.
How our privacy team can help
At Tsaaro, our privacy team comprises experienced lawyers and InfoSec professionals. Together we ensure that your organisation is compliant with all regulatory requirements, along with the best possible technical and infrastructural solutions. We provide personalised plans to our customers to inculcate data protection by design and by default in their processes in a cost-efficient manner.
- Assess the applicable global personal data protection laws (Regulatory Assessment)
- Ensure Data Protection by Design
- Protect your organisation against hefty fines
- Improve customers’ and investors’ trust in your organisation