January 1, 2023, will be more than the start of a new year – it will also mark the start date for one of the strongest privacy laws for consumer data in the United States, the California Privacy Rights Act.
An expansion of the state’s previous California Consumer Privacy Act (CCPA), this new law extends its protections to employees as well as consumers and expands opt-out and breach notification guidelines. In this article, we will examine this expanded law, including who is affected by it and how to better protect your business under it.
What is CPRA, and who does it affect?
The California Privacy Rights Act applies to businesses with over $25 million in annual revenue that have employees in California (and only applies to those employees), with many guidelines similar to other data privacy regulations worldwide, including:
- The right to obtain disclosure of how your personal information is collected and used.
- The right to limit the use of this data or order it deleted.
- Enhanced protection for sensitive personal information, such as Social Security, driver's license and other ID numbers, as well as other forms of personal identification such as geolocation.
- Required notification to employees of their rights under this Act, along with documentation of company responses to such requests.
According to ADP, this new law also requires businesses to make contractual commitments on the retention and use of personal data, as well as publicly document the retention period for each type of data. It is backed by fines ranging from $2000-$7500 per violation, the latter for willful violations.
How can you help ensure CPRA compliance?
As with many of the growing number of consumer data privacy laws, compliance with CPRA will often require changes to your business processes, particularly in how you collect and use identifiable personal information from consumers. Increasingly, consumers are now being put in control of their own level of privacy, backed by the force of law.
One particularly important change under the California Privacy Rights Act (CPRA) is the required notification for employees as well as consumers. Businesses are updating their Terms of Service and Privacy Policies and emailing customers to let them know about these updates, so it is important to ensure that these email addresses are accurate and valid.
Service Objects’ DOTS Email Validation ensures that email addresses from your notification list are accurate, deliverable, and do not fall into harmful categories such as bogus, vulgar, spam trap or other problematic addresses.
Email Validation is part of a broad range of solutions for compliance with emerging data privacy regulations, including the US Telephone Consumer Protection Act (TCPA) and the European Union’s strict new General Data Protection Regulation (GDPR), the latter with fines that can reach up to four percent of a company’s annual revenue.
For more details about these solutions, visit our dedicated compliance solutions page on the web, or contact our friendly data quality experts for a free, no-pressure consultation on your own business’s specific needs.