Categories: Security

CCPA (CPRA) Is Coming – What’s On the Radar?

CPRA – the California Privacy Rights Act – and the CCPA (California’s Consumer Privacy Act) are the Californian version of the GDPR. Both CCPA and CPRA are said to be elected by California’s voters in November 2020, and the laws are said to come in full effect come January 2023.

The CCPA is said to apply to all business entities doing business in California that collects, shares or sells the data of the people living in California. That’s not it, though: the law applies to businesses that either:

  • Have annual revenues in excess of $25 million (gross); or
  • Has personal information on 50,000 or more consumers, households, or devices; or
  • Sells users’ personal information while at the same earning more than half of its annual revenue.

For those who are interested in learning about CCPA and CPRA on a deeper level, there’s a bit of information on the State of California’s Department of Justice – the information is available here. Here’s what everything means in simple terms:

  • All residents of California may ask businesses to disclose information that the business has about them and what they do with that information; all residents also have “the right to be forgotten” (to request the deletion of their data), or request not to sell their data to third-party vendors.
  • Personal information is considered to be all information that’s in some way attributable to a person or his or her household.
  • Businesses cannot be sued for CCPA violations but can be sued if there’s a data breach (and if they meet certain conditions outlined by the act – basically, if the data breach includes really sensitive data.) For some violations of the privacy act, only an attorney can initiate actions against businesses.
  • All businesses that are subject to CCPA must provide a clear statement titled “Do Not Sell My Personal Information” with a link on their website that allows people to opt-out.
  • All customers of businesses that are subject to CCPA have the right to request the business to show the personal information the business has collected about them including what information was collected, from what source it has originated, what purpose it’s used for, etc.
  • Businesses subject to the act must provide at least two methods for people to submit a right to know how their information is being collected. Businesses must respond to the request within 45 days. With notification, the deadline can be extended to 90 days.
  • The CCPA requires businesses to provide customers with information regarding the collection of data – what data is collected, for what purpose, etc. Such a practice is sometimes called a “notice at collection.”
  • Businesses that adhere to the CPRA cannot charge different prices, not provide products, etc. simply because you’ve made use of some (or all of) the protection provided by the CPRA. Basically, people should not be discriminated.
  • All provisions can be found over at the aforementioned State of California’s Department of Justice – they can be found here.

Some people may have concerns whether CCPA applies to all citizens of the US, and the answer to the best of our knowledge is no. It is said that only California’s residents would have rights outlined by the new privacy act. While some residents of the US might not able to enjoy as much protection as citizens of EU countries do due to GDPR, in our opinion, the introduction of CPRA is certainly a step in the right direction. We hope that this blog post has shed some light on the upcoming act of CPRA (CCPA), make sure to learn more about it on official sources, make sure to scan yourself through a list of known data breaches to be on the safe side when on the web, and until next time!

Nirium

Recent Posts

Important Google Play Store Update: Google to Verify Developers to Block Malware in Apps

Developers of Android apps will soon need to verify their identity as a result of…

5 hours ago

Millions of McDonald’s Job Applications Exposed: The Hidden Risk Behind the McDonald’s Breakfast Menu

A fan of the McDonald’s breakfast menu? Bad news - over 60 million job applications…

8 hours ago

T Mobile Customers to Receive Data Breach Settlement Checks

In 2021, hackers had allegedly accessed sensitive personal information pertaining to over 53 million customers…

1 day ago

Is Your Seagate External Hard Drive Real? A Hard Drive Fraud Ring Uncovered in Malaysia

Seagate has uncovered a Seagate external hard drive and internal hard drive fraud ring in…

1 day ago

Hackers Are Using AI for Phishing and Spear Phishing Campaigns

Hackers are using generative AI for phishing and spear phishing campaigns. Learn more here!

1 day ago

Signed Up for a VPN Free Trial? Your Privacy May be in Danger

A Chrome VPN extension may pose a danger to your privacy. A VPN free trial…

2 days ago