Home > Insights > Blogs > Cybersecurity Bits and Bytes > California Privacy Rights Act passes

California Privacy Rights Act passes

Elizabeth Casale November 6, 2020

California Proposition 24, the California Privacy Rights and Enforcement Act (CPRA), passed on November 3, 2020. While the vote tally is not final, the measure is solidly ahead. The tally of votes for the measure can be monitored on the California Secretary of State’s website here. The results will be certified by December 11, 2020.

The CPRA amends and supplements some of the key provisions in California’s existing consumer privacy law, the California Consumer Privacy Act.

We have previously discussed the CPRA here. Among other things, CPRA:

  • establishes the California Privacy Protection Agency to implement and enforce the new law as well as impose administrative fines,

  • establishes a new category of sensitive personal information and give consumers the ability to limit use of this data, and

  • adds e-mail addresses and passwords to the list of personal information that, if lost or breached, would give the affected consumers the right to bring private lawsuits.

The CPRA’s prospective effective date is January 1, 2023, with certain aspects becoming operative earlier.

Libby Casale is an associate in Thompson Coburn’s Business Litigation group.