Proposed California Privacy Rights Act Could Expand Data Security Enforcement In US

On December 17, 2019, the California Privacy Rights Act was formally introduced into the Golden State’s legislative process. An initiative to expand efforts to regulate online consumer data protection and better define prosecution for organizations that fail to protect that info, the act represents a further milestone in a state that’s emerged as a pioneer for online data laws.

What does this mean for businesses? Even if you’re not based in the Golden State, if you do any amount of business online, there’s a good chance that the California Privacy Rights Act — as it’s being called by the Californians for Consumer Privacy (CCP) advocacy group — will have an immediate effect on your business.

That’s because the new initiative, like the California Consumer Privacy Act (CCPA) that it’s designed to expand, affects any business that is accessible by California residents. And that’s an umbrella under which most organizations can be found. For instance, Microsoft recently announced compliance for all of its nationwide media services — including such household names as Windows, Skype and Xbox.

What You Should Know about the California Privacy Rights Act

Bearing the California attorney general’s racking number of 19-0021, the California Privacy Rights Act is now officially open to receive the petition signatures it needs for inclusion on next year’s ballot. According to Ballotpedia, the number of signatures required equals five percent of the ballots cast for the most recent gubernatorial race, which amounts to 623,212 in 2020. The end date for receiving the required signatures is June 15, 2020.

In addition to further limiting the extent to which businesses can collect, share and use the personal info of customers in California, the initiative seeks to increase penalties for the failure to implement data security measures. To that end, the new initiative also includes a provision to establish “a new authority” for enforcement of the CCPA and any subsequent consumer privacy laws.

Further compounding legal risk for American businesses, the California Privacy Rights Act also seeks to expand the ability of consumers to sue businesses that fail to protect stolen data, particularly in the event that both the email address and password are stolen due to negligence.

What the California Privacy Rights Act Means for the Future

The initiative’s sponsor and supporters aren’t shy about their goal of ushering in further such regulations on a nationwide basis in the years to come. Writing at the CCP website, founder and chair Alastair Mactaggart explained his motivation to file the initiative as a reaction to his belief that “some of the world’s largest companies” are working to undermine the CCPA.

I believe it is time to both permanently enshrine these rights, and to provide Californians the same level of protections that citizens have in the rest of the world,” he adds. “I look forward to making this case to the people of California, who so often lead the way for our country in breaking new ground.

And although the initiative’s inclusion on the November, 2020 ballot isn’t yet assured, supporters are confident. The Californians for Consumer Privacy notes that it will be “hitting the streets in less than a week” to begin collecting the signatures needed for qualification. It’s a good bet that, even if this initiative fails, stronger measures to enforce data security in the U.S. are on the way.

If you haven’t yet explored the need to expand your organization’s data protection policies, it’s not too late to start! Contact us here to set up a complimentary consultation with an Omnistruct cybersecurity specialist.

Ready to take the next step?