California Votes to Strengthen Privacy Laws

Written by

Californian’s have voted to toughen their state’s privacy laws, further enhancing consumers’ rights over how their personal data is used by organizations.

Proposition 24 won a decisive 56% of votes on a night when Americans also went to the polls to elect their new President.

It will usher in a California Privacy Rights Act (CPRA) that is designed to close off some of the loopholes in the California Consumer Privacy Act (CCPA), which came into force at the start of this year.

The main changes it will institute are: a tripling of fines for violations involving info on those under 16, new rights for consumers to tell businesses not to use certain categories of info such as health, finances, race, ethnicity, and precise location, and making it more clear that “do not sell” orders include data shared between companies.

The new law will also make it harder for lawmakers to weaken the CCPA in future through amendments, although changes to enhance privacy protections will be able to pass with a majority.

Finally, the CPRA will create the California Privacy Protection Agency, a new enforcement body tasked with imposing fines for corporate negligence resulting in theft of consumers’ emails and passwords, for example.

Brendan O’Connor, CEO at AppOmni, argued that implementing the appropriate safeguards to protect consumer data will be challenging, especially given the distributed nature of workers and computing systems today.

“We can no longer rely on firewalls, gateways and access brokers to keep the data inside — it’s already gone to the cloud. Organizations must move their safeguards and security checks closer to the data and apply more fine-grained access controls than ever before,” he added.

“This is a lot for security and privacy teams to manage. Successful organizations will invest in technologies that show them who has access to consumer data in cloud applications, and provide continuous assurance that appropriate safeguards are in place.”

It should be noted that not all privacy advocates were for Prop 24. The American Civil Liberties Union (ACLU) urged supporters to vote against it, claiming the new law will allow companies to charge consumers more if they demand that their personal info is not sold. It also allows companies to force consumers to manually opt-out on each website and app, and contains numerous other exceptions and loopholes, the ACLU argued.

What’s hot on Infosecurity Magazine?