The California Privacy Rights Act, which amends the Consumer Privacy Act and extends its protections, took effect on Jan. 1, and enforcement starts July 1, 2023. Hanson Bridgett’s Simran Mahal outlines steps for businesses to comply with the new law. The California Privacy Rights Act went into effect Jan.1, 2023, expanding consumer protections offered by the California Consumer Privacy Act. CPRA enforcement won’t start until July 1 and applies only to violations occurring on or after that date. Businesses are given a six-month window to comply with this new law. Whether a business needs to create privacy or security programs or update existing programs to comply, it should follow some top-line compliance steps. Determine Oversight If a business was subject to the Consumer Privacy Act, it is likely also subject to the CPRA. The law expanded the definition of a business to include any for-profit entity doing business in California that collects California consumers’ personal information and had annual gross revenues of more than $25 million in the previous year; buys, sells, or shares personal information of 100,000 California consumers or households; or derives 50% or more of its annual revenue from selling or sharing information. The CPRA expanded […]
Click here to view original web page at news.bloomberglaw.com
