October 15, 2021

Volume XI, Number 288

Advertisement
Advertisement

October 15, 2021

Subscribe to Latest Legal News and Analysis

October 14, 2021

Subscribe to Latest Legal News and Analysis

October 13, 2021

Subscribe to Latest Legal News and Analysis
Advertisement

California’s Prop 24: Voters Approve the New California Privacy Rights Act

On November 3, 2020, California’s voters approved Proposition 24, the California Privacy Rights Act of 2020 (the so-called CCPA 2.0). This means that the new California Privacy Rights Act (CPRA) will amend the California Consumer Privacy Act (CCPA) with some significant changes.

Effective Date

The act takes effect on January 1, 2023, with a one-year lookback provision. This means it applies to information collected on or after January 1, 2022.

New Government Agency

The CPRA creates the California Privacy Protection Agency (CPPA)—which is “vested with full administrative power, authority and jurisdiction to implement and enforce” the CCPA, as amended by the CPRA.

Sensitive Personal Information

The new law defines a new category of “sensitive personal information,” to include the usual identifiers such as Social Security number, driver’s license number, passport number, and account information, but also new categories of information, such as precise geolocation, racial or ethnic origin, religious or philosophical beliefs, union membership, personal communications (i.e., the content of emails and text messages), genetic data, biometric or health information, and sex life or sexual orientation.

Additional Provisions

In addition to these changes, once effective, the new law will implement the following changes:

  • A new right for consumers to limit use and disclosure of Sensitive Personal Information.
  • New limits on automated profiling to analyze or predict aspects concerning a person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements
  • New requirements for annual audits and regular risk assessments for high-risk businesses
  • A new right for consumers to request correction of inaccurate personal information
  • New penalties and increased fines for mishandling children’s data
  • New restrictions on the length of time a business can retain personal information
  • New definitions, requirements, and obligations for service providers, contractors, and third parties

Employment and Business-to-Business Exemptions Under the CCPA

Exemptions under the CCPA with respect to employment-related and business-to-business information are extended to January 1, 2023. However, the existing exemption for employment-related information is not a complete exemption, and employers are still required to comply with certain provisions of the CCPA.

Next Steps for Employers

The CCPA remains in effect until January 1, 2023. As such, businesses will be required to comply with the CCPA while making preparation to comply with the CPRA.

© 2021, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.National Law Review, Volume X, Number 310
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Sean Paisan, Ogletree Deakins, Litigation Attorney
Of Counsel

Sean Paisan is a trial attorney that specializes in helping employers through comprehensive and thoughtful representation. His diverse background in business, commercial, employment, general liability, and regulatory law provides him with an unparalleled ability to “see all of the angles” in order to identify and control risks inherent in running a business. His extensive litigation experience includes both jury and nonjury trials, administrative law trials, appeals hearings, and binding arbitrations. His diverse practice includes the representation and counseling of clients in the areas...

714-800-7900
Advertisement
Advertisement
Advertisement