The California Privacy Rights Act (CPRA) is on its way (if approved by voters in November), but what does this mean for you?
- First: Assess your core California Consumer Privacy Act (CCPA) compliance, enforcement starts tomorrow. July 1, 2020.
- Second: Look beyond the consumer facing CCPA “must haves” and button down other CCPA requirements like: vendor management, DPA’s, templates for consumer request responses, dig deeper into all your data sharing.
- Third: Assess your governance and policies, are they up to par with the standards set in FTC enforcement actions?
- Fourth: Assess your employee data and processes in the event you will need to address employee consumer rights come January 2021.
After those have been addressed, look at the key concepts of CPRA that are already being echoed in other state and federal privacy bills and work on them:
- data minimization
- retention limitation
- Data Protection Impact Assessments (DPIAs)
Details in this Law360 article, for which I was interviewed by journalist Allison Grande.