Digital Guardian's Blog

California Privacy Rights and Enforcement Act Would Further Rein in Data Privacy

by Chris Brook on Thursday October 3, 2019

On top of the forthcoming California Consumer Privacy Act, a new ballot initiative seeks to tighten data privacy rules even further in the state.

The California Consumer Privacy Act hasn’t even gone into effect yet, nor has the state’s governor, Gavin Newsom, signed off on amendments expected to further shape the legislation, but that isn’t stopping privacy advocates from backing additional legislation designed to bolster data privacy in the state.

A new ballot initiative filed last week, the California Privacy Rights and Enforcement Act of 2020, would tighten data privacy rules in the state even further than the CCPA.

The proposal, linked here (.PDF) with annotations, would go into effect Jan. 1, 2021 and change rights around the use of "sensitive" personal data – like a person’s race, health, Social Security number and locations received via GPS technology – improve protections for minors, and make it so future changes to the CCPA would be easier to pass.

Specifically, the CPEA would increase penalties for companies that violate children’s privacy by tripling the amount companies are currently fined for collecting or selling the personal information of minors under 16 years of age without their consent.

The act would also require companies to disclose more detail around profiling algorithms that pertain to personal information relative to employment, housing and credit, and whether and how they use personal information to influence elections.

The initiative would also form a new entity, the California Privacy Protection Agency, to carry out CCPA enforcement and provide guidance to the industry and consumers. Currently, the Attorney General’s office is scheduled to handle that role, starting no later than July 1, 2020. Xavier Becerra, the state’s AG, began hiring lawyers to implement and enforce the CCPA in August but did say earlier this year he was concerned his office may not have enough staff to carry out enforcement. The new agency would be comprised of five staff members, including members appointed by the Governor, the Attorney General, Senate President and Speaker of the Assembly.

While the act may sound a bit redundant, especially with CCPA so imminently on the horizon, there is some credence to the proposal. The group behind the proposal, Californians for Consumers Privacy, led by real estate developer Alastair Mactaggart, is the same group that helped the CCPA gain steam in the state two years ago.

“I am convinced that without regulation, this encroachment into people’s lives will distort the balance of power in society,” Mactaggart wrote last week, “In a very fundamental way, democracy depends on privacy. We are engaged in a new experiment now, where a handful of giant corporations know almost everything about us, chronicling everything we’ve searched for, following every one of our digital footprints, and analyzing that to control what we see every day. These are perhaps the most powerful tools for influence in human history… shouldn’t consumers have a choice about how their own data is used?”

Mactaggart famously got interested in data privacy several years ago after having a discussion with a Google engineer.

"These giant corporations know absolutely everything about you, and you have no rights," Mactaggart told NPR, "I thought, oh, I'd like to find out about what these companies know about me. Then I thought, well, someone should do something about that."

Next on the docket for the act is a 30-day review and public comment period. Following that, proponents of the initiative can amend the proposal and collect the required signatures to get it on the November 2020 ballot.

While the CPEA is nowhere close to being enacted – it’s still only a ballot initiative – it could add fuel to the fire around CCPA compliance. The act – and uncertainty around the final iteration of the CCPA – are a good reason for companies to stay aware of changing laws and let them inform how they build their compliance programs.

Speaking of the CCPA, it isn't set in stone yet but it's close. The legislation's final amendments made their way to the governor's desk last month, where Newsom has until Oct. 13, 2019, to sign or veto the legislation. Following this, the Attorney General will release regulations around the data privacy law.

Tags: Government

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.