Welcome everyone. Toe Lesson 10.2
the very last lesson in CyberRays course on the California Consumer Privacy Act.
We're actually going to be spending it on an entirely new law that will be replacing the C c p A.
It's called the California Privacy Rights Act. So CPR A
let's jump right into it. Now
we're going to review for you some changes that would come if and by the way, at the time of this recording we now know that the c. P. R. A. Has since passed.
If slash when the CPR A passes,
then identify why the founders of the C P R A are trying to move the needle further towards the GDP are standard,
and they have successfully accomplished that by way of passing the c. P. R A.
Let's take a second look again at the founders of the California Consumer Privacy Act.
We're now calling it, Actually, the old law.
Alistair McTaggart again, that's the gentleman in the middle.
He was unsatisfied with how the Legislature, at the very last hour back in the summer of 2018, passed a different version of the C c. P A.
He made it his mission to pass a stronger version of the C c p. A.
The way the ballot initiative works is if you get the sufficient number of signatures in this case, the bare minimum to get on the ballot is 600,000.
If you do it the summer proceeding Election Day,
you can get it on the actual ballot for the fall election.
At the time of this recording, we are now two weeks past Election Day.
We are recording this in the end of November.
We now know that the CPR a past
it was always pulling very high, and there was a generally a strong likelihood of it passing.
We now know that the CPR a past
I actually encourage you to take a quick second and look up California Privacy Rights Act under your own time.
There's going to be a lot of changes around the finalized language of the C P R A. But it did pass, and it's going to be, from my perspective, theme most comprehensive and burdensome privacy law in the history of the United States,
second only to its predecessor, the C C P. A, which we reviewed during the last 9.5 Modules
Effective data once again January 1st 2023
Some big differences between the C P R A and the C C p A is that they finally established a centralized regulator.
It's called for now, the California Privacy Protection Agency.
Basically, they understood that the California attorney general was not in a position toe adequately enforced. The obligations of the C C p. A.
That's not what they're designed to do.
Man. These acronyms are tough.
They are going to be the very first privacy agency of its kind. In the history of the United States.
You see a little bit more over how it's going to be organized.
A five member board, including a chair with full administrative power.
Hey, folks. A look at how the regulatory authorities in Europe are organized wink wink content.
It's very similar to the way that they're proposing the CPP A eventually to be organized.
This finally creates see the left side of your screen there, that privacy brain trust that people were hoping would eventually come about in the United States.
A genuine agency that can address privacy compliance issues
that's the big change. Their from my perspective,
there are other changes.
If you want to take a look at Article nine of the GDP, are you'll see that there is a set aside for extra sensitive personal information.
There's additional consent obligations, and things like that under the GDP are
if it's information relating to *** or religious beliefs or orientation genetic data, stuff like that.
The c p. R A. The California Privacy Rights Act, the new one that just passed two weeks ago,
now creates an additional sensitive personal information category.
again, I recommend if your company collects any type of the information you see at the top half of your screen on a regular basis,
you do need to sit down and re evaluate your position towards privacy compliance in sometime around 2021 2022
because you now have an entirely new set of obligations.
There's also new consumer rights.
If you look at the right side of your screen,
the right to access delusion and opt out of sale are still in the CPR,
but we have four new ones as well.
Those are the ones in blue.
I want to call out a couple of them.
Item number one at the top,
right to rectification.
This is a copy and paste from the GDP are
that is a right that exists for data subjects in Europe that did not exist in California.
It now exists, thanks to the C P r A or will anyway, starting in January of 2023
the bottom left side of your screen
right to opt out of advertisers receiving geo location information.
I have strongly predicted that geo location, information, biometrics and facial recognition technology are all going to be receiving the heavy hammer of regulatory authority in the coming years.
Keep an eye on that.
I think that's just the response to what we've seen globally as it relates to the information of these certain categories and the dark side.
Look again, I mentioned I remember in the first module the Hong Kong protests and things like that
If it's sensitive information, it's going to catch the attention of regulators.
Pause there if you need to. But those are the new consumer rights that are available.
I mentioned this in the last lesson, and I'll mention it here again. Once more,
it looks like the c p. R. A. Is going to expand the moratorium for employee data all the way through January 1st of 2023.
This is still a question mark, so I'm encouraging you not to take this as gospel
for now. You need not worry about the personal information of your employees falling within the scope of the CCP A at a minimum through January 1st of 2021.
But I honestly do think in the end it's going to be January 1st of 2023.
Expanded breach liability.
There are other categories of disclosure or unauthorized access that will trigger liability under the c p. R A.
The big ones are emails and passwords.
For some reason, companies keep losing track of this type of data, which I actually find a little surprising.
Regardless, it's a reflection you see at the bottom side of your screen. They're that bad. Actors consistently target this type of log in and credential information and
are having success getting it.
This is Alistair McTaggart way of saying, no,
you guys really need to figure out a way of stopping this type of information from leaking the organization.
So data loss prevention techniques.
In summary, my friends,
we do have a quiz that will come up in the next video.
But there's five main changes to the CPR
They've established a privacy enforcement agency
That again, in my personal opinion, is the most impactful change to the CPR. A. Because we're finally going to get that brain trust that I keep talking about.
There's going to be a new category for sensitive personal information.
If your company does come across that type of information, please be aware of it.
That might intersect. By the way, with HIPPA and the Gramm Leach Bliley Act and other sectoral laws that already exist,
Please seek outside help. If you think you fall into that category
again, I predict there's going to be an extension of the employee data exemption.
I'm looking at number three there.
We have expanded consumer rights
again. They're trying to mimic the GDP are standard and bring it here.
I think there is going to be some industry side lobbying in the next year or two that will try to curtail the consequences of the c p R A.
But the point is clear.
California as a state and the United States, as a country is shifting further and further to the GDP are standard.
I think by the time that this decade is out,
by the time that we arrive at 2030
we're going to be on the GDP are standard
that concludes the substance of less than 10.2.
This is the end of Cyber Aires, California Consumer Privacy Act Horse Thank you so much for watching. And I wish you the best of luck with applying the information that you learned here toe all your privacy needs.