In a data-fueled world, we’re witnessing a record-breaking number of data breaches. For example, in 2018, Facebook reported 50 million account breaches. California’s passage of the California Privacy Rights Act (CPRA) builds upon the California Consumer Privacy Act (CCPA). Together, the CCPA and the CPRA have a profound impact on the privacy and data security landscape.
The introduction of California's data privacy law raises the possibility that similar data policies will quickly spread throughout the US. The EU’s privacy regulation, GDPR, is the gold standard for data privacy laws, and CPRA gets closer to that level of data privacy. Moreover, CPRA gives users greater control than CCPA over access to the personal information that companies hold.
CCPA vs. CPRA: What Businesses Need to Know
The CPRA strengthens the existing regulatory standards of CCPA. In addition to the new consumer rights, it includes additional provisions for third-party vendors, enforcement standards for compliance, and calls on businesses to perform regular cybersecurity audits.
Here’s a closer look at the differences between CCPA and CPRA.
User’s Private Right of Action
Under the California privacy acts, consumers can pursue a right of action if a breach of unencrypted data results from the company’s negligence. CPRA, however, gives users additional rights: for example, they can bring civil actions over unredacted information and data such as email addresses, passwords, or security questions.
Third-Party Contractors
Even though third parties are included within CCPA compliance, the act limits the service providers it covers. For example, it includes any vendor that processes personal data for commercial purposes, payment authorizers, and service providers.
Under the California Privacy Rights Act, the loopholes regarding consumer data are effectively closed for third-party participants, meaning any organization under contract with a business. Today, companies are obliged to know with whom they share users' data and to whom they sell it.
The CCPA's prominent consumer rights carry over under the revised CPRA policies, along with two additional data privacy policies. Both California laws give consumers the right to:
- Understand what information the company stores and accesses at any time.
- Have personal data deleted on request with no delay.
- Opt out of sharing their data, even during the sales process.
- Not be penalized if they refuse to share their information.
However, under CPRA:
- Users can limit the information they choose to disclose or share.
- Consumers can request that any incorrect information be corrected promptly, without incurring penalties from the organization.
Limiting Data Usage
The California Consumer Privacy Act does not limit how user information is used. CPRA, however, limits the collection and use of identifiable consumer information to what is necessary. Under the CCPA compliance, companies cannot retain or use data that is not essential or is no longer needed.
The employee exemption under CCPA lapsed in January 2021, but the new act extends the deadline to January 1st, 2023. The extended timeline gives employers and employees more time to handle the details associated with the management of personal data.
Under CPRA, employees can pursue private action if a security breach involving their personal information occurs. The extension gives companies more time to identify these concerns and respond to employees in the event of a cybersecurity intrusion.
There is no question that California data privacy law is drastically changing the way data-driven businesses operate. The data breach barriers are not ones you can simply skip over. Instead, we recommend that you understand how to tap into tools that support your long-term business goals.