The rules implement the California Privacy Rights Act and include, among other requirements, that businesses share collected information with consumers at their request.
06/07/2022 10:30 A.M.
The California Privacy Protection Agency, which is tasked with implementing the state’s data privacy law, one of the first and most comprehensive in the U.S., is reviewing regulations this month to implement the California Privacy Rights Act.
“The California Privacy Rights Act (CPRA) established the California Privacy Protection Agency (CPPA), and requires the CPPA to adopt, amend, and rescind regulations on 22 topics—including among other things, definitions, exemptions, technical specifications for opt-out preference signals, automated decision-making, cybersecurity audits and risk assessments, record keeping, and monetary thresholds for ‘business’ eligibility—to carry out the purposes and provisions of the CCPA,” according to an article on the draft regulations from the Troutman Pepper Law Firm.
The CPRA was adopted in 2018 and took effect on Jan. 1, 2020. The CPRA focuses on privacy rights for consumers, such as the right to know what personal information businesses collect, the right to delete that information and the right to stop it from being sold, according to a news release from the CPPA.
It started as a ballot initiative to build on the California Consumer Privacy Act.
In November 2020, California voters approved Proposition 24, the CPRA, which sought to amend the California Consumer Privacy Act, ACA International previously reported. Some of the California attorney general’s responsibilities under the California Consumer Privacy Act will transition over to the agency created under the CPRA. However, the attorney general will retain the authority to go to court to enforce the CPRA. Enforcement of the CPRA will begin in 2023.
The CPPA is the first independent data protection authority in the U.S. Its board is meeting on the draft regulations starting on June 8.
In its first round of draft regulations, the board will consider consumers’ opt-out preferences, consent principles for data collection, the right to correct, where “a business may consider the ‘totality of the circumstances relating to the contested personal information’ when determining if the contested personal information is more likely than not to be accurate,” and more, according to Troutman Pepper.
Data Reporting Best Practices
For more information on data reporting and metrics, John Bedard, owner of Bedard Law Group PC, and Jeremy Nixon, owner of Rockbridge Consulting LLC, are hosting a four-part deep-dive series into how you can become more efficient with data to make strategic decisions. Each session of this series will continue to unveil more on compliance and operations metrics and decision making.
The next webinar in the series, Data Reporting: Compliance & Operational Metrics, is from 2 to 3 p.m. CDT, June 15. The following webinar in the series will be July 27. Visit the registration page here.