In 2018, the state of California passed a statute, known as the California Consumer Privacy Act (CCPA), to give consumers more control over how their personal data is collected and used by businesses.
A few months after the implementation of the CCPA, California approved Proposition 24, commonly referred to as the California Privacy Rights Act (CPRA), which amounts to an expanded CCPA compliance decree. This new privacy act will undergo several modifications before it becomes effective.
Nevertheless, businesses that are subject to the original CCPA need to start preparing for compliance. This article looks at the enforcement timelines of the new CCPA and what it means for businesses.
If your business hasn’t already done so, you need to work towards becoming CCPA compliant since the new privacy regulations have now gone into effect. Compliance protects your business from being investigated or penalized by the Office of Attorney General of California. But you probably want to know who must comply with the CCPA. This is one of the main questions asked by businesses operating in the United States. Previously, many business owners assumed that the CCPA applied only to the businesses based in California. But that’s not the case.
The CCPA applies to every profit-making entity that does business with residents of California. This means that your online business may be subject to the CCPA if it deals with customers who are based in California, even if you don’t have a physical store anywhere in the state. The new privacy act gives consumers in California more control over their personal data. It guarantees their right to request a company to disclose what personal information it has collected about them and how it intends to use it.
Another major benefit is the CCPA right to deletion of personal data collected by businesses. This gives the consumer the right to ask a business to delete whatever personal information it has collected from them in the course of their transactions. The act also requires businesses selling their goods or services to residents of California to provide their customers with a notice before collecting their personal data. This notice should show the categories of information the business intends to collect and for what purpose.
Crucial CPRA Timelines
The CPRA is scheduled to become effective on January 1, 2023. It will apply to all personal data collected on or after January 1, 2022. However, the act will only become enforceable starting July 1, 2023. Therefore, the current CCPA will remain effective until that date.
The newly established California Privacy Protection Agency has been acting on its judicial authority to shape the final regulations, which are expected to be complete by July 1, 2022. Throughout this period, the agency will evaluate opinions by businesses on the new CCPA regulations and attempt to incorporate them into the CPRA as needed.
Although businesses may feel that the new CCPA regulations are designed to frustrate them, they are expected to implement compliance measures to avoid penalties. Consumer data privacy regulations are important for protecting consumers against dishonest businesses that profit from selling their personal data.