California's data privacy regulations, primarily embodied in the California Consumer Privacy Act (CCPA) and its extension through the California Privacy Rights Act (CPRA), constitute a pioneering and influential framework. These regulations, effective from 2018 and further strengthened in 2020, set a standard for data protection not only within the state but also across the national and global economy. In this episode of Corruption, Crime and Compliance, Michael Volkov explores the nuances of the CCPA and CPRA, and the evolving data privacy landscape.
You’ll hear Michael talk about:
- The lack of a federal data privacy law in the United States has led to a complex patchwork of state laws. Businesses are faced with the challenge of navigating these varied regulations, which contributes to compliance complexities.
- California, through the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), is a leader in data privacy regulation in the United States, with implications for both the national and global economy. The CPRA, enacted in 2020, establishes the California Privacy Protection Agency (CPPA) to enforce the law robustly.
- The CPRA introduces critical changes, including:
- Protection of employee and business-to-business personal information, which is now subject to the same privacy protections as consumer personal information.
- Enhanced consumer rights, such as the right to access, delete, and correct their personal information, and the right to opt out of the sale of their personal information.
- Companies are now obligated to implement reasonable security precautions and undergo annual cybersecurity audits and risk assessments.
- In addition to California, other states such as Virginia, Colorado, Utah, Iowa, and Connecticut have also enacted data privacy laws that echo the GDPR. Businesses must stay up-to-date on evolving compliance requirements and adapt their systems accordingly.
- Compliance issues comprise risk assessments, impact assessments, adherence to data breach requirements, and compliance with notification standards. Companies are developing systems based on the most stringent set of laws to guarantee compliance.
KEY QUOTES
“We have a patchwork of laws that apply in the United States. Unfortunately, we continue to suffer from the absence of a federal data privacy and breach notification law. Congress has tried for years to broker a deal here, but it has never been able to overcome strong lobbying forces. Whether it's high tech trial lawyers, law enforcement, or other gadflies, the public continues to suffer.” - Michael Volkov
“Many commentators have suggested that California's data privacy laws and regulations are starting to look closer and closer to the EU's GDPR regime.” - Michael Volkov
“To me, we're getting into a more strict regulation. We already have, under the California Consumer Privacy Act, a requirement to have on your website: an ‘opt out’ in terms of any information that you may provide to a website, that it can't be used by the entity for sharing or selling or whatever consumer products purposes. So keep tabs on the California events.” - Michael Volkov
Resources
Michael Volkov on LinkedIn | Twitter
The Volkov Law Group
