Back to the Library
Privacy was on the ballot this November, at least in California. And it appears that enough people voted in favor of Proposition 24, the California Privacy Rights Act (CPRA), for it to become law. Although the CPRA technically becomes effective five days after the California Secretary of State certifies the voting results, the bulk of the law – which is an overhaul of the California Consumer Privacy Act (CCPA) – will not come into force until January 1, 2023. Businesses have some time to prepare for the most significant changes, which we have written about previously. Those changes include handling a new category of “sensitive personal information,” the expansion of the existing CCPA private right of action, and mandatory changes to company privacy policies. So what happens to the CCPA, and what do businesses have to prepare for? The answer is not much in the short term.
Until the CPRA becomes fully effective in 2023, the CCPA remains in full effect. That means businesses should keep up with their CCPA compliance, including being attentive to new California Attorney General regulations. The following CPRA provisions – which largely do not impact businesses directly – will become effective once the California Secretary of State certifies the voting results:
Because of the phased effective dates for CPRA’s provisions, businesses have time to revise their policies and prepare for the full weight of the CPRA. Of course, that does not account for whatever CPRA regulations the California Attorney General publishes, which we expect to be previewed perhaps as early as late 2021.
Jenner & Block has developed a checklist for clients to compare their existing CCPA privacy notices against the new requirements of the CPRA. If you need assistance preparing for the CPRA, please contact the authors.