What California’s Expanded Privacy Law Means for Communicators

by Stephen Payne, VP, Public Affairs & Privacy, Feld Entertainment

Just when you thought you understood the complexities of the relatively new California Consumer Privacy Act (CCPA), on Election Day 2020, voters in the Golden State decided to take CCPA even further. By a wide margin (56-44 percent), they approved the California Privacy Rights Act (CPRA). Think of this new package as CCPA 2.0. There is a lot to unpack in this new law and how it might influence communicators and their clients doing business in California.

Similar to other privacy laws, the first step you, as a communicator, need to consider is to determine CPRA’s scope. In other words, does CPRA cover what you do as a PR pro?

CPRA modifies those businesses covered under the law by changing CCPA. Under the new law, enforcement of which begins January 1, 2023, you are a covered business if you have more than $25 million in revenue the preceding calendar year, or if you buy, sell or share personal information of 100,000 or more consumers (it was 50,000 in CCPA).
Buy, Sell and Now Share are Regulated
It is important to note the addition of the word share to companies in scope of the law.

In short, CPRA expands privacy rights for California residents beyond CCPA. In addition to their rights under CCPA, Californians approved:
• their ability to correct inaccurate data that businesses possess
• increased protection under a new and expanded definition of sensitive personal information which they can restrict use of
• the imposition of larger fines for those who misuse children’s data (defined as those younger than 16)
• higher fines for data breaches
• limitations on how long data can be retained and used
• creation of a dedicated enforcement agency and
• an expansion of CCPA’s Do Not Sell requirement to include sharing data with third parties
More insight about the expansion of Do Not Sell to Do Not Share is needed.