July 11, 2020

Volume X, Number 193

July 10, 2020

Subscribe to Latest Legal News and Analysis

July 09, 2020

Subscribe to Latest Legal News and Analysis

July 08, 2020

Subscribe to Latest Legal News and Analysis

CCPA 2.0 May Be Heading for the November Ballot in California

The consumer group Californians for Consumer Privacy announced on May 4, 2020, that it was submitting well over 900,000 signatures to qualify the California Privacy Rights Act (CPRA) for the November 2020 ballot.

This new ballot initiative, which can be reviewed here, creates some additional consumer privacy rights and expands some areas already included in the California Consumer Privacy Act (CCPA) regarding consumer privacy rights, including:

  • A new definition of sensitive personal information, including information about health, finances and a consumer’s precise geolocation;
  • a right of correction to allow California residents to request that a business correct personal information that is inaccurate;
  • increased administrative fines of not more than $2,500 for each violation or $7,500 for each intentional violation involving the personal information of consumers whom the business, service provider, contractor or other person has actual knowledge is under 16 years of age;
  • the creation of a new enforcement agency – the California Privacy Protection Agency – to enforce consumer privacy actions; and
  • changes to the private right of action, including a private right of action for personal information security breaches if the email address of a California resident – in combination with a password or security question and answer – is subject to an unauthorized access and exfiltration, theft, or disclosure as a result of the business’s violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information.

One of the stated purposes of the CPRA is that consumers should know who is collecting their personal information and that of their children, how that information is being used, and to whom it is being disclosed, so consumers will have the information necessary to exercise meaningful control over a business’ use of their personal information and that of their children. We will continue to follow the CPRA to track its progress.

Copyright © 2020 Robinson & Cole LLP. All rights reserved.National Law Review, Volume X, Number 128


About this Author

Deborah A. George, Robinson Cole, Cybersecurity lawyer

Deborah George is a member of the firm’s Business Litigation Group as well as its Data Privacy + Cybersecurity Team.

Deb advises clients on and focuses her practice on data privacy and security, cybersecurity, and compliance with related state and federal laws. She also has experience providing counsel in civil litigation and employment law matters.  She has significant experience offering advice and counsel on legal issues related to human services agencies, including Medicaid, as well as  drafting and reviewing contracts, business associate agreements, and data use agreements. ...