Why you’re getting so many Privacy Policy Update emails in June 2023

Have you noticed an influx of privacy policy update notices lately? Here's why it's happening now.

California Privacy Law

In November 2020, California passed the The California Privacy Rights Act (CPRA), a significant piece of legislation that has sparked waves of these changed privacy policy notices.

What's the CPRA?

The CPRA builds upon the existing California Consumer Privacy Act (CCPA) and further strengthens privacy rights for California residents by introducing new requirements and obligations for businesses operating in California.

Definition of “personal information” expands

One key reason is the Act's expanded definition of personal information. The CPRA broadens the scope of personal information to include additional categories such as precise geolocation data, sensitive personal information, and certain types of inferred data. This means that businesses must now update their privacy policies to reflect these expanded definitions and inform users of the types of data they collect and how it is used.

New Consumer Rights

Additionally, the CPRA introduces new rights for consumers, such as the right to limit the use of sensitive personal information and the right to correct inaccurate personal information. To comply with these new requirements, businesses must update their privacy policies to inform consumers of these rights and provide mechanisms for exercising them. This leads to a surge in privacy policy updates as businesses strive to ensure compliance with the CPRA and maintain transparency with their users.

So, Why the influx NOW?

The reason you're seeing a flurry of activity now? Well, the law included a deferred enforcement date: July 1, 2023.

“Notwithstanding any other law, civil and administrative enforcement of the provisions of law added or amended by this Act shall not commence until July 1, 2023, and shall only apply to violations occurring on or after that date.””

What to do if you run an online business?

So, if you're a business operating online, and having any measurable contact with consumers in California, you'll want to take steps to make sure you're complying with CPRA. To get started, do the following:

1. Review and Update Existing Privacy Policies: . Make sure the updated privacy policy includes clear information about the types of data collected, the purposes for which it is used, and the rights available to consumers.
2. Assess Data Collection and Processing Practices: At minimum, this will mean including a process for consumers to request the deletion or correction of their personal information, as well as the ability to opt out of the sale or sharing of their data. Implement procedures to verify and respond to consumer requests within the required timeframes.
3. Enhance Data Security Measures: Strengthen your data security measures to protect the personal information you collect.
4. Stay Informed: Keep up-to-date with developments and guidance regarding the CPRA. The California Attorney General's office is responsible for enforcing the law and may issue regulations or guidelines to assist businesses with compliance.
5. Consult your lawyer: Seek legal counsel to ensure that your business is fully compliant with the CPRA and to address any specific concerns or questions you may have.

Remember, the CPRA imposes additional obligations on businesses and expands the rights of consumers. Taking proactive steps to comply with the CPRA not only helps avoid potential penalties but also demonstrates a commitment to protecting consumer privacy and building trust with your customers.