The California Privacy Rights Act (CPRA)
...Are You Ready?
The California Privacy Rights Act (CPRA) was first introduced to the California legislature in June 2018 as Assembly Bill No. 375, and was passed shortly thereafter.
Set to go live at the start of 2020, CPRA is focused on protecting consumers' privacy rights, while allowing businesses to make use of and get value from this personal data. More specifically, it lays out a framework for transparency in business practices, such that companies will need to respond to consumer requests in terms of what information companies have on them and what companies are doing with their information.
So, how can you prepare for CPRA? Let’s take a closer look to understand how we can use what we know about this regulation so that we can best prepare for the inevitable.
The Five Summary Rights of Consumers
The idea of the California Privacy Rights Act (CPRA) is to empower consumers to know what information is being collected and how it is being resold or remarketed, and to give consumers an option to withdraw or opt out of the sale and use of their personal information.
The California Privacy Rights Act (CPRA) ensures the following five summary rights for Californian consumers:
- The right of Californians to know what personal information is being collected about them.
- The right of Californians to know whether their personal information is sold or disclosed and to whom.
- The right of Californians to say “no” to the sale of personal information.
- The right of Californians to access their personal information.
- The right of Californians to equal service and price, even if they exercise their privacy rights.
Consumers should also be able to exercise these rights, including opt in/outs, without an impact on service delivery or price. In other words, companies are not allowed to impose a privacy tax or fee for those consumers who wish to exercise their privacy rights.
When Do You Need to Be Ready?
Enforcement of CPRA will begin 6 months after publication of final regulations OR July 1, 2020 – whichever is sooner. However, it’s important to keep in mind that enforcement of CPRA is retroactive for 12 months. This means that once enforcement kicks in (which looks like it will be July 2020), consumers will have the right to request access to their data from the preceding 12 months.
Can you go back to that date a year prior (to July 2019), and provide this type of information to consumers? It’s already past July 2019, so the resounding message is that you should be moving now. You should already have your data architected and structured in such a way that detailed recordkeeping requirements are possible. If you’re not there, then you’re already behind.
Key Activities to Prepare for CPRA
- Establish clear leadership, governance and key-stakeholder engagement.
- Refresh or promote your data privacy notice.
- Implement annual role-specific privacy education.
- Develop your risk tolerance and acceptance criteria as soon as possible to ensure the most critical areas are addressed by the compliance deadline.
- Discover, map and inventory data & content related to California residents.
- Implement clear and accessible procedures for consumers from a “do not sell my personal information” link on the business homepage or app.
- Determine whether to go with one unified notice for all consumers or one separate for Californians.
- Test and implement - get started now!
How enChoice Can Help
For many organizations, it can be very challenging to determine how to start preparing for CPRA. On the other hand, some organizations may already be prepared for other privacy regulations, such as GDPR. No matter where you are on your journey, enChoice can help.
enChoice has been implementing and supporting Content Management Systems since 1993. Involved in the implementation of over 500 systems on the IBM Content Management platform across a variety of industries, enChoice has the expertise to help organizations with their digital transformation initiatives. We believe the difference is in the experience level and quality of our people. The enChoice team is exclusively made up of Enterprise Content Management (ECM) and Business Process Management Subject Matter Experts, with the average industry tenure exceeding 15 years.
For more information, watch our recorded webinar or schedule a 15-minute meeting to learn how enChoice can help.
About the Author
Gene Stakhov, CRM, CDIA+ is a Senior Solution Architect at enChoice. Gene has provided customers with expert guidance ranging from enterprise taxonomy development to technical system implementation solutions. His work includes implementing a highly visible regulatory compliance initiative which won the IBM Innovation in Technology Award. Gene is also a long-time leader of the ARMA Metropolitan New York City Chapter and current President.