Earlier this month, California voters approved Prop 24 for new legislation which will replace the California Consumer Privacy Act (CCPA), which was discussed in the Tip of the Night for December 31, 2019. The California Privacy Rights Act will supersede the CCPA on January 1, 2023. The CPRA is designed to remove the burden on small businesses by exempting those which collect personal information from less than 100,000 consumers. Under the CCPA businesses had to comply with the provisions of the law if they collected data from more than 50,000 consumers.

Under the new law, businesses can request up to 90 days to disclose, correct, or delete personal information pursuant to an individual's request when a period of three months is reasonably necessary to comply with the request.

The law creates a new category of data called, 'sensitive personal information' which includes SSNs; passport IDs; driver license IDs; login information for financial accounts; geolocation data; email and text message content; genetic data; and biometric data used for identification.