Consumers in California have been protected by the California Consumer Protection Act (CCPA) since 2018, but now those protections have been expanded thanks to the passage of the California Privacy Rights Act (CRPA). What does this mean for you and your handling of consumer data? Well, in short, a lot.
Although it doesn’t officially take effect until January of 2023, it has a 12-month lookback period similar to CCPA. This means that you need to start complying with these new requirements by January 1, 2022. That’s not a lot of time. Especially because as a provision of CPRA there is a new agency responsible for enforcing CPRA, the California Consumer Protection Agency (CCPA). In a way this is good news because it means that the enforcement of CCPA and CPRA will no longer be handled by the California Attorney General.
There are some notable differences between CCPA and CPRA. For one, there is an expanded definition of what a business is. It provides more consumer privacy rights and new consent standards. There are also new contractor and service requirements and regulations on data when it comes to advertising. CPRA is bridging the gap between CCPA and GDPR to standardize consumer protections, which in one way will be more efficient for businesses and data holders in the future.
Contact us to get the details for your specific industry and how Omnistruct can help you get in compliance by the January 2022 deadline.