Authors:
Ron Raether, Partner, Troutman Sanders
Wynter Deagle, Partner, Troutman Sanders
Sharon Klein, Partner, Pepper Hamilton
Alex Nisenbaum, Partner, Pepper Hamilton
Sadia Mirza, Associate, Troutman Sanders
Sam Hyams, Associate, Troutman Sanders

On June 24, 2020, the California Secretary of State released a memorandum (available here) stating that the California Privacy Rights Act (the “CPRA”), also known as the CCPA 2.0, passed the threshold of signatures to be on the November ballot for California’s General Election. The CPRA, which was introduced by Californians for Consumer Privacy, the group behind the California Consumer Privacy Act of 2018 (the “CCPA”), would expand upon the CCPA’s consumer privacy rights and move California privacy law closer in the direction of the EU General Data Protection Regulation (“GDPR”). For example, the CCPA would create a new right to correct inaccurate personal information and a new right for consumers to opt out of the use or disclosure of sensitive personal information for advertising and marketing purposes. The law would also establish a “California Privacy Protection Agency” to enforce the CPRA. For more discussion on the specifics of the CPRA, see Troutman Sanders’ article, available here.

Early polling done by Californians for Consumer Policy (the group behind the initiative) suggests support for the CPRA—stating that nine in ten Californians surveyed stated they would vote in favor of the CPRA. A summary of this polling is available here. If the CPRA passes, it will go into effect January 1, 2023 and likely require additional rulemaking, which could create confusion for business compliance similar to the CCPA. For discussion about substantive rule making involving the CCPA, see Troutman Sanders’ articles, available here and here. Troutman Sanders will continue monitoring the CPRA and provide relevant updates and analysis.

In the meantime, businesses should focus on complying with the CCPA, including building in flexibility to adjust to modifications and clarification such as with the proposed enforcement regulations. The CCPA has officially been in effect since January 1, 2020, and is scheduled to be enforced starting July 1, 2020. Earlier this month, Attorney General Xavier Becerra submitted the final proposed regulations for the CCPA to the state Office of Administrative Law. AG Becerra requested an expedited review so that the regulations can take effect July 1. For more discussion on the process of approving the final proposed regulations, see Troutman Sanders’ article, available here.

Photo of Ronald I. Raether, Jr. Ronald I. Raether, Jr.

Ron leads the firm’s Privacy + Cyber team. Drawing from nearly 30 years of experience, he provides comprehensive services to companies in all aspects of privacy, security, data use, and risk mitigation. Clients rely on his in-depth understanding of technology and its application

Ron leads the firm’s Privacy + Cyber team. Drawing from nearly 30 years of experience, he provides comprehensive services to companies in all aspects of privacy, security, data use, and risk mitigation. Clients rely on his in-depth understanding of technology and its application to their business to solve their most important challenges — from implementation and strategy to litigation and incident response. Ron and his team have redefined the boundaries of typical law firm privacy and cyber services in offering a 360 degree approach to tackling information governance issues. Their holistic services include drafting and implementing bespoke privacy programs, program implementation, licensing, financing and M&A transactions, incident response, privacy and cyber litigation, regulatory investigations, and enforcement experience.

Read more about Ronald I. Raether, Jr.EmailRonald I.'s Linkedin Profile
Show more Show less
Photo of Wynter Deagle Wynter Deagle
Email
Photo of Sadia Mirza Sadia Mirza

Sadia leads the firm’s Incidents + Investigations team, advising clients on all aspects of data security and privacy issues. She is the first point of contact when a security incident or data breach is suspected, and plays a central role in her clients’

Sadia leads the firm’s Incidents + Investigations team, advising clients on all aspects of data security and privacy issues. She is the first point of contact when a security incident or data breach is suspected, and plays a central role in her clients’ cybersecurity strategies.

Read more about Sadia MirzaEmailSadia's Linkedin Profile
Show more Show less
Photo of Sam Hyams Sam Hyams
Email