Just when you thought you were ready for CCPA, it may be time for more changes. That’s because a new initiative could be on the California voter ballot in November 2020. The California Privacy Rights and Enforcement Act of 2020, or CPREA, will revise and expand CCPA in an effort to prevent amendments that undermine its consumer protections.
If CPREA becomes law, it would:
- Create new rights around the use of sensitive personal information including race, ethnicity, geolocation, health, and financial information.
- Provide enhanced protection for children’s privacy by requiring opt-in consent to collect data from individuals under 16. It would also triple CCPA fines on children’s privacy violations.
- Require transparency around automated decision-making and profiling in regards to employment, housing, credit, and politics.
- Establish the California Privacy Protection Agency to enhance enforcement of the law and provide guidance to consumers.
- Require corporations to disclose whether and how they use personal information to influence elections.
- Require that future amendments are limited to furthering the law.
What would this mean for your organization? To start, you’ll have to think more about who your consumers are as well as how you target them. They’ll be more informed and better equipped to protect their rights, making how you handle their data more important than ever.
But there’s no reason to panic. You’re already hard at work preparing for CCPA to go into effect in just a couple of months, which means you’ve laid the groundwork for what’s to come. The fact is, you’re already on the path forward, even if the rules change as you go.
So what can you do now? Involve a few key members of your team and review these 3 areas with the proposed changes in mind:
- Plans and policies: Go over your data risk assessment plan, consumer privacy policies, and job applicant policies. Also, ensure your company insurance polices will cover damages if you do have a data breach or are subject to a data privacy investigation
- Website: Review your usage plan and ensure public facing web documents are updated and contain language synced to your internal privacy policies.
- Employees: Update employee privacy notices and ensure training programs are in place and executed to key members of your organization.
When it comes to data privacy, I think 2020 is going to be one for the history books. And while we all have much to think about when it comes to how we handle, utilize, retain, sell, and collect consumer data, starting the conversation is a good place to be. Need help? Here at Mar Dat Advisors, we specialize in the business of data compliance so you can continue to grow your business.