Dubbed “CCPA 2.0,” a proposed initiative called the California Privacy Rights Act (CPRA) is gaining traction – and will likely make an appearance on the November 2020 ballot in California.
The original legislation, the California Consumer Privacy Act (CCPA), only came into effect on January 1, 2020, but we are already seeing potential changes to this data privacy regulation looming on the horizon. If passed, these proposed changes like CPRA could mean businesses will need to further beef up their data security measures.
Think your business doesn’t need to worry about the California Consumer Privacy Act (CCPA) because you don’t sell any data for business purposes?
You may want to take a second look.
Under the broad definition of “sale” used in CCPA, you could very possibly be subject to CCPA requirements and unknowingly failing to achieve and maintain compliance. With the financial penalties associated with non-compliance, not to mention the data security risk that results from ignoring CCPA requirements, it’s absolutely vital to make sure that you know whether or not your business activities would be considered to be “selling data” under the CCPA.
These days, it seems that companies are having to navigate increasingly complex data compliance regulations. From following PCI DSS rules to maintaining HIPAA, GDPR, and CCPA compliance, the complicated web of global regulatory frameworks for data protection just keeps getting more and more tangled.
In our last blog post about CCPA, we went into the details of California’s comprehensive privacy law, more formally known as the California Consumer Privacy Act. Coming into effect January 1, 2020, the new privacy law pertain to companies that collect data from California residents, regardless of the location of the company - both within the United States and globally.
The California Consumer Privacy Act (CCPA) is a comprehensive data privacy law that will go into effect on January 1, 2020. The new data security framework will have a major impact on both consumers and businesses, because the regulations apply to any companies – no matter their location – that collect personal information from residents of California.
CCPA covers any data related to customers, including both individual consumers and entities, plus vendors and employees.
Today, we’re happy to announce the introduction of our new Compliance Academy, a resource where you can learn all about compliances and regulations such as PCI, SOC2, GDPR and CCPA.
In the last 2 years at VGS we’ve seen a significant uptick in interest regarding regulation. Every day we field multiple questions from people trying to understand if their company is “in scope” and if so, what they need to do about it. There are a number of reasons for this interest but primarily it appears to be driven by uncertainty. Both startups and established companies alike face the prospect of a world with increased regulation and significantly stiffer penalties for failure to comply.