The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer. All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information. This policy is subject to change at any time. The owner is not an attorney, and nothing posted on this site should be construed as legal advice. Litigation Support Tip of the Night does not provide confirmation that any e-discovery technique or conduct is compliant with legal, regulatory, contractual or ethical requirements.
Earlier this month, California voters approved Prop 24 for new legislation which will replace the California Consumer Privacy Act (CCPA), which was discussed in the Tip of the Night for December 31, 2019. The California Privacy Rights Act will supersede the CCPA on January 1, 2023. The CPRA is designed to remove the burden on small businesses by exempting those which collect personal information from less than 100,000 consumers. Under the CCPA businesses had to comply with the provisions of the law if they collected data from more than 50,000 consumers.
Under the new law, businesses can request up to 90 days to disclose, correct, or delete personal information pursuant to an individual's request when a period of three months is reasonably necessary to comply with the request.
The law creates a new category of data called, 'sensitive personal information' which includes SSNs; passport IDs; driver license IDs; login information for financial accounts; geolocation data; email and text message content; genetic data; and biometric data used for identification.