How California’s New Data-Privacy Law Will Impact Your Business

Uncategorized Mar 22, 2021

With the passing of Proposition 24, California consumers now have more personal data protection rights than ever before. The California Privacy Rights Act (CPRA) improves provisions and extends enforcement of the existing California Consumer Privacy Act (CCPA).


If you're thinking, how does a data privacy law passed in California affect my business in a totally different part of the country? Even if your company is headquartered outside of California, if you're conducting business within the state, you are subject to CCPA and CPRA guidelines. Beyond this, many new laws and guidelines are first implemented in California, and later make their way into other states throughout the country. Because of the visibility of privacy laws with the rise of digital media, we expect other states to adopt similar statutes in coming years. 


While the CPRA doesn't go into effect until 2023, the CCPA currently governs data privacy protections for Californians and gives consumers the right to:

  • Learn what personal information a business collects about them
  • Have the business delete their personal information
  • Prevent businesses from selling their personal information, especially for advertising purposes
  • Hold businesses responsible if they don't protect their personal information


What are the key differences between the CCPA and CPRA? For one, California beefed up its opt-out clauses to shift from a "no selling" to a "no sharing" approach to data privacy. This new clause will provide consumers more authority over how their data is distributed and used.


Second, your business will be on the hook for compliance because the CPRA triples maximum penalties for violations involving minors under 16. The new law also establishes a California Privacy Protection Agency to enforce consumer privacy laws and impose administrative fines.


Here are some best practices to remaining CPRA compliant in your business's marketing practices:

  • Ensure you're transparent on what information you're gathering from website visitors and how you're going to use it
  • Collect only the data you need
  • Make it simple for your audience to opt-out of data collection
  • Implement comprehensive security measures wherever consumer data is stored


For more information on the nitty-gritty details of the CPRA and how it will affect your organization's marketing practices, check out these helpful resources:


50% Complete

Two Step

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.