US businesses have an opportunity to “seize an opportunity” if they respond proactively to the The California Privacy Rights Act, according to a speaker at the Last Thursday in Privacy online event on 25 June.
Speaking at this month’s Last Thursday in Privacy event , OneTrust Privacy Engineer Ethan Sailers gave key insights into how a business can prepare for CPRA/CCPA 2.0 after it was announced that enough signatures were received to make it eligible for the ballot this year. If passed, it will become effective 1 January 2023.
The new Act intends to address specific elements of the CCPA that supporters feel come up short, according to Sailers. The key adjustments are new consumer rights, including the right to access, and a new category for sensitive personal information. This includes passport number, credit card information, location, health data and ethnic origin.
According to Sailers, businesses need to focus on two key areas: internal governance and consumer-facing processes. Insternally consider how you are going to track sensitive data, prepare inventories or data maps and ensure that your business model is adaptable and iterative.
Externally, ensure that processes meet regulation standards by updating the intake for additional request types. Importantly, companies already complying with CCPA can build on the foundations that have already been set.
Customers will also be provided with a link to opt-out of the sale of sensitive information to adtech.
Business should see the bigger picture, Mr Sailers said, and should “seize a global privacy program opportunity”.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.