Skip to content

Menu

LexBlog, Inc. logo
NetworkSub-MenuBrowse by SubjectBrowse by PublisherBrowse by ChannelAbout the NetworkJoin the NetworkProductsSub-MenuProducts OverviewBlog ProBlog PlusBlog PremierMicrositeSyndication PortalsAbout UsContactSubscribeSupport
Book a Demo
Search
Close

Proposition 24 Passes In California, Ushering In More Consumer Privacy Protections

By Daniel J. Kagan on November 9, 2020
Email this postTweet this postLike this postShare this post on LinkedIn

By almost 1.5 million votes, California voters approved Proposition 24, the California Privacy Rights Act of 2020 (“CPRA”).  The CPRA amends and expands the California Consumer Privacy Act of 2018 (“CCPA”) and is affectionately referred to as “CCPA 2.0.”  While the CPRA’s requirements do not take effect until January 1, 2023, the CPRA ushers in significantly more privacy protections for California residents, while also amending some of the CCPA’s jurisdictional requirements.  Below, we touch on some of the CPRA’s requirements.

First, from a jurisdictional standpoint, previously one prong of the CCPA’s jurisdictional test was if a business reached 50,000 California consumers, then it was subject to the CCPA.  Practically speaking, this meant if a business had a website that received on average 137 hits per day from California, it could be subject to the CCPA’s requirements.  Under the CPRA, this threshold is bumped up to 100,000 consumers/households.  This change benefits small and midsize businesses, which otherwise would not meet the other jurisdictional requirements of having revenue above 25 million dollars per year, or a business that receives 50% of its income from the sale of personal information of CA consumers.

Second, similar to GDPR, the CRPA establishes a new category of “sensitive personal information.”  Under the CPRA, sensitive personal information includes an individual’s precise location, race, religion, sexual orientation, and specified health information, among others. With regard to this sensitive information, individuals will have greater control.  The CPRA will allow individuals to opt out of a business’ use or disclosure of such sensitive personal information.

Third, the CPRA strengthened protections for minors, as it triples fines related to violations for minors under 16.

Lastly, the CPRA establishes the California Privacy Protection Agency.  This agency will enforce and implement consumer privacy laws and can administer fines for businesses that violate California’s privacy laws.

Much like the CCPA, we expect the CPRA to evolve and change prior to the January 1, 2023 implementation date.

Photo of Daniel J. Kagan Daniel J. Kagan

Dan Kagan is an Associate in the Health Care, Long Term Care and Privacy and Cybersecurity Groups. He represents hospitals, physicians, nursing homes, assisted living communities, CCRCs and other health care clients with a wide range of regulatory, compliance, risk management, transactional and…

Dan Kagan is an Associate in the Health Care, Long Term Care and Privacy and Cybersecurity Groups. He represents hospitals, physicians, nursing homes, assisted living communities, CCRCs and other health care clients with a wide range of regulatory, compliance, risk management, transactional and reimbursement issues.

With regard to Privacy and Cybersecurity, Dan has experience drafting privacy policies and notices, website terms of use, written information security plans and incident response plans.  Dan counsels clients on compliance issues related to state, federal and international privacy laws including the General Data Protection Regulation (GDPR).  Dan also has experience representing both health care and non-health care clients that have suffered data breaches and assists such clients with breach response and applicable reporting obligations.  Dan writes extensively on privacy and cybersecurity issues and is a co-editor of Murtha’s Privacy and Cybersecurity Perspectives blog.

As a member of the Health Care and Long Term Care groups, Dan has experience representing clients with HIPAA compliance, Stark and anti-kickback analyses, purchase and sale transactions, reviewing and drafting contracts, certificate of need requirements, rate appeals, Medicare and Medicaid audits, medical staff and credentialing matters, licensing and change of ownership proceedings.

Prior to joining Murtha Cullina, Dan clerked for the Honorable Lubbie Harper, Jr. and the Honorable Joseph H. Pellegrino of the Connecticut Appellate Court.

Dan received his J.D. with honors from the University of Connecticut School of Law where he was a Notes and Comments Editor for the Connecticut Insurance Law Journal. He earned his Bachelor of Arts in Economics from McGill University.

Read more about Daniel J. KaganEmailDaniel's Linkedin Profile
Show more Show less
  • Posted in:
    Privacy & Data Security
  • Blog:
    Privacy and Cybersecurity Perspectives
  • Organization:
    Murtha Cullina LLP
  • Article: View Original Source
LexBlog, Inc. logo
Facebook LinkedIn Twitter RSS
Real Lawyers
99 Park Row
  • About LexBlog
  • Careers
  • Press
  • Contact LexBlog
  • Privacy Policy
  • Editorial Policy
  • Disclaimer
  • Terms of Service
  • RSS Terms of Service
  • Products
  • Blog Pro
  • Blog Plus
  • Blog Premier
  • Microsite
  • Syndication Portals
  • LexBlog Community
  • 1-800-913-0988
  • Submit a Request
  • Support Center
  • System Status

New to the Network

  • Agha Law blog
  • Woven Legal Blog
  • Bid Protests
  • Contract Claims
  • Federal Procurement
Copyright © 2024, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo