When the California Consumer Privacy Act went into effect last year there was concern surrounding enforcement and which business would be the first to face consequences. California voters decided that an agency should be put in place to uphold compliance. This agency, dubbed the California Privacy Protection Agency, is charged with rulemaking and will join the attorney general in taking enforcement actions. The agency has been tasked with fulfilling their initial rulemaking responsibilities by July 1, 2022.

California Privacy Protection Agency Members

The members of the agency were appointed by Governor Newsom, Attorney General Xavier Becerra, Senate President pro Tempore Toni G. Atkins (D-San Diego), and Assembly Speaker Anthony Rendon (D-Lakewood). Members are Jennifer M. Urban, John Christopher Thompson, Angela Sierra, Lydia de la Torre, and Vinhcent Le. The group touts experience in technology, business, consumer privacy, and much more that make them uniquely qualified to uphold the CPRA standards. Learn more about the board members here.

On Governor Newsom’s website, pro Tem Atkins is quoted as saying, “The California Privacy Protection Agency Board is part of California’s commitment to the toughest privacy protection laws in the nation. The pandemic put us online more than ever—this Board will help protect the most private information of individuals and families for the world we live in now and in the future. I am confident that our Senate Rules nominee, Lydia de la Torre, will bring the kind of expertise the Board will need to take those protections to the next level.”

What’s Coming

Noteworthy items that will go into effect January 1, 2023 with the CPRA include:

  • Addition of the California Privacy Protection Agency.
  • Employment exemption expires January 1, 2023.
  • Addition the category of sensitive data and the right of correction.
  • Behavioral advertising restrictions.
  • CCPA’s 30-day cure period will sunset.
  • Pursuit of a private right of action when a consumer’s account credentials are accessed by an unauthorized party or exfiltrated.

It’s important to understand that these are not the only changes coming January 1, 2023 when CPRA begins. Companies that conduct business with California residents should be proactive in learning the ins and outs of the CPRA in order to be compliant when the time comes. Truyo has been an integral part of helping businesses achieve compliance with the current CCPA and will continue to update policies, monitor enforcement, and comply with any new legislation, as more states seek to follow in California’s footsteps.