The California Privacy Rights Act (CPRA) is a privacy law that builds upon and amends the CCPA. It was approved by Californian voters in November 2020 and is intended to strengthen privacy rights and consumer protection. Here are the key features and components of CPRA:
- Key changes: CPRA has established the California Privacy Protection Agency (CPPA), an independent regulatory body responsible for enforcing and implementing privacy laws.
- Expanded consumer rights: CPRA enhances certain consumer rights, introduces the right to correct inaccurate information, and introduces the concept of “sensitive personal information” with additional protections.
- Applicability: CPRA is slated to become enforceable on March, 2024. It generally applies to businesses that exceed certain thresholds related to data processing.
- Enforcement and penalties: The CPRA grants additional authority to the CPPA for enforcement. It includes higher penalties for violations involving the personal information of minors and increased fines for privacy-related violations.
- Duration: CPRA provides a transition period, and enforcement actions are expected to begin after the regulations are adopted and finalized.
CCPA has been in effect since January 1, 2020. CPRA introduces additional changes and enhancements to California’s privacy landscape. As laws and regulations may evolve, it’s advisable to check for the latest updates and compliance requirements.
Personal Data Protection Act
The Personal Data Protection Act (PDPA) is a legislation on data protection and privacy in Singapore, overseeing the gathering, utilization, disclosure, and safeguarding of personal data. The PDPA was enacted in 2012 and serves to regulate the handling of personal data by organizations in Singapore to safeguard individuals’ privacy rights and ensure responsible data management practices. PDPA applies to all organizations, both public and private sectors, that collect, use, or disclose personal data in Singapore. This includes businesses, government agencies, nonprofit organizations, and healthcare providers. PDPA defines personal data broadly, encompassing any information that can be used to identify an individual, such as names, contact details, identification numbers, and even images. For more details, refer to https://www.pdpc.gov.sg/Overview-of-PDPA/The-Legislation/Personal-Data-Protection-Act.
