California Privacy Rights Act Approved by Voters

by | Nov 6, 2020

In California the California Privacy Rights Act (CPRA) ballot initiative has been passed after winning the approval of 56% of votes.

This means that Californiance Consumers Privacy Act will be amended to incorporate additional rights for the consumer. Along with this there will new requirements in relation to processing and protecting personal information while also clarifying definitions of certain aspects of the legislation. A California state guide, published in the run-up to the vote, referred to the new legislation as “a way for consumers to prevent businesses from sharing personal information, correct inaccurate personal information, and limit businesses’ use of ‘sensitive personal information,’ including precise geolocation, race, ethnicity, and health information.” In addition to this it allowed for the creation of the the California Privacy Protection Agency.

As a result of this there will be pressure on all business in the state to ensure that all activities they carry out are legally compliant. There is some time to complete the process of achieving compliance as the CPRA amendments will not become active until January 1, 2023 with enforcement beginning later that same year on July 1.  However exemptions for business contacts, employees, job applicants, owners, directors, officers, medical staff members and independent contractors that are currently active under CCPA will remain so until December 31, 2022.

It is envisaged that the newly established California Privacy Protection Agency will implement final regulations on or by July 1, 2022.

The main changes that are being introduced with the CPRA are the right to correct personal information, the right to prevent the use of sensitive personal information, and the right to opt out of personal information being shared to third parties. This enhances the existing rights of the CCPA for the consumer to be aware of, delete or opt out of the sale of personal information.

Last August, following publication of the proposed amendments, California Attorney General Xavier Becerra said in a statement: “With these rules finalized, California breaks ground and leads the nation to protect and advance data privacy.”

Alastair Mactaggart, chair of Californians for Consumer Privacy and Proposition 24 sponsor, speaking after the passing of the Act, said: “We are at the beginning of a journey that will profoundly shape the fabric of our society by redefining who is in control of our most personal information and putting consumers back in charge of their own data. “I’m looking forward to the work ahead and the next steps in implementing this law, including setting up a commission that is dedicated to protecting consumers online.”

The onus is not on all companies to move quickly to ensure that they are compliant as early as possible. As was the case the introduction of other data privacy legislative acts around the would, including CCPA and GDPR, those companies that adapted early suffered less stress, business interruptions and concerns relating to possible regulatory fines.


Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy