Skip to content

Menu

ChannelsPublishersSubscribe
LexBlog, Inc. logo
LexBlog, Inc. logo
ProductsSub-MenuBlogsPortalsTwentySyndicationMicrositesResource Center
Join
Search
Close
Join the Movement. Blog 4 Good

CPRA Poised to Go On November 2020 Ballot

By Philip N. Yannella & Katie Morehead
May 11, 2020
EmailTweetLikeLinkedIn

While businesses are busy finalizing CCPA preparations, a new privacy initiative in California called the California Privacy Rights Act (CPRA) may be headed to the November 2020 ballot.

The original CCPA began in 2018 as a ballot initiative in California but was enacted by the California legislature in June of 2018. However, Californians for Consumer Privacy, the leaders behind the original ballot initiative, are unsatisfied with the current version of the CCPA. According to Californians for Consumer Privacy, two things have happened since the CCPA was passed: first, they believe large companies have worked to weaken the effectiveness of CCPA. Second, they believe technological tools have evolved in ways that exploit consumers’ data with potentially dangerous consequences. On May 4, 2020, Californians for Consumer Privacy announced that they had received over 900,000 signatures to qualify the CPRA for the November 2020 ballot in California. Here are a few examples of the new rights and requirements the CPRA would impose:

  • Right to restrict use of “sensitive personal information”;
  • Right to correct data;
  • Storage limitation: right to prevent companies from storing information longer than necessary and right to know the length of time a business intends to retain each category of personal information;
  • Data minimization: right to prevent companies from collecting more information than necessary;
  • Right to opt out of advertisers using precise geolocation (< than 1/3 mile);
  • Penalties if email address and email password are stolen due to negligence;
  • Restrictions on onward transfers of personal information;
  • Establishes California Privacy Protection Agency to protect consumers;
  • Requires high risk data processors to perform regular cybersecurity audits and risk assessments; and
  • Requires the appointment of a chief auditor with power to audit businesses’ data practices.

 

These new rights and requirements would add additional responsibilities to businesses subject to the CCPA. For example, with the expanded definition of “sensitive personal information” businesses would need to evaluate if they are collecting sensitive personal information, and if so, be prepared to limit the disclosure and use of this sensitive personal information if the consumer makes a request. The storage limitation requirement would make it necessary for businesses to implement a data retention policy surrounding the storage of personal information and be ready to tell consumers how long they intend to keep each category of personal information. These changes would create a law more similar to the GDPR than the CCPA now. Consumers would be given greater control over their personal information and businesses would face additional compliance obligations on top of those preparations done for the CCPA.

Whether the CPRA will be on the ballot in November will depend on if the secretary of state can verify at least 623,212 signatures by the June 25 deadline. If there are enough valid signatures, the CPRA will be on the ballot in 2020 and could change California’s privacy laws once again.

Philip N. Yannella

yannellap@ballardspahr.com | 215.864.8180 | view full bio

As Practice Leader of Ballard Spahr’s Privacy and Data Security Group, and Practice Leader of the firm’s E-Discovery and Data Management Group, Philip N. Yannella provides clients with 360-degree advice on the transfer, storage, and use…

yannellap@ballardspahr.com | 215.864.8180 | view full bio

As Practice Leader of Ballard Spahr’s Privacy and Data Security Group, and Practice Leader of the firm’s E-Discovery and Data Management Group, Philip N. Yannella provides clients with 360-degree advice on the transfer, storage, and use of digital information.

Phil regularly advises clients on the Stored Communications Act (SCA), Computer Fraud and Abuse Act (CFAA), EU-US Privacy Shield, General Data Protection Regulation (GDPR), Defense of Trade Secrets Act, PCI-DSS, Telephone Consumer Protection Act (TCPA), New York Department of Financial Services Cybersecurity Regulations, ISO 27001 compliance, HIPAA Security Rules, and FTC enforcement activity, as well as eDiscovery issues—leveraging his experience serving as National Discovery Counsel for more than two dozen companies in nationwide litigation. He harnesses his deep knowledge of privacy, data security, and information governance laws to help multinational companies develop global information governance programs to comply with overlapping, and sometimes conflicting, laws. Phil serves on the advisory board for the ACC Foundation’s Cybersecurity Survey, the largest survey of in-house counsel on cybersecurity issues.

Read more about Philip N. YannellaEmail
Show more Show less
  • Posted in:
    Privacy & Data Security, Technology
  • Blog:
    CyberAdviser
  • Organization:
    Ballard Spahr LLP
  • Article: View Original Source

Stay Connected

Facebook LinkedIn Twitter RSS
Real Lawyers

Company

  • About LexBlog
  • Careers
  • Press
  • Contact LexBlog
  • Privacy Policy
  • Editorial Policy
  • Disclaimer
  • Terms of Service
  • RSS Terms of Service

Products

  • Products
  • Blogs
  • Portals
  • Twenty
  • Syndication
  • Microsites

Support

  • 1-800-913-0988
  • Submit a Request
  • Support Center
  • System Status
  • Resource Center

New to the Network

  • Global Trade Law Blog
  • The Quick Take
  • Consumer Privacy World
  • Energy Law Report
  • Litigators at Work
Copyright © 2021, LexBlog, Inc. All Rights Reserved.
Powered By LexBlog