10 November 2020
On November 3rd, Californians voted to approve Proposition 24 which amends the California Consumer Privacy Act to include expanded consumer rights and greater privacy protections.
The California Privacy Rights and Enforcement Act – which also establishes an enforcement agency to guarantee strict compliance – places additional obligations on businesses to ensure that consumer data is transparent and secure. Given the scope of the Act and the short timeframe for compliance, hotels should immediately start looking at their data profiles and security to avoid running afoul of the new rules.
Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, explains the major provisions of the Act and discusses the challenges hotels face as they look to address its requirements.
New Challenges for Hotels:
The New California Privacy Rights and Enforcement Act of 2020
Bob Braun, Hotel Lawyer
Many races and initiatives that California voters considered on November 3 are still undecided, but Proposition 24, the California Privacy Rights Act of 2020 (the “CPRA”) isn’t one of them. The California electorate approved Proposition 24 by a comfortable margin – 56% of Californians voted in favor.
Like its predecessor the California Consumer Privacy Act of 2018 (the “CCPA”), the impact of the CPRA won’t be felt immediately. It goes into effect on January 1, 2023, and many of its provisions are unclear and will require study. But hotel companies with a presence in California will need to consider its requirements, and given the scope of the law, addressing its requirements early will be essential.
New Sheriff in Town
Perhaps the most significant development in the CPRA is the establishment of a new agency, the California Privacy Protection Agency, dedicated to handling enforcement and compliance with privacy regulations. This makes California the first state with an agency focused solely on enforcing privacy laws. This new agency will replace the California Attorney General in interpreting and enforcing the CCPA. The ultimate impact of the agency will develop as its members are selected and interpret its mandate, but it is clear from the CPRA that it has broad authority to bring civil and criminal actions.
Select Key Provisions
The CPRA is an extension and modification of the CCPA. It adds a number of new definitions and provisions that, in some cases, extend the scope of the CCPA and, in other cases, clarify the requirements of the CCPA. The result is that hotel companies that already comply with the CCPA will need to revisit their policies and procedures to ensure compliance with the CPRA, and any firms that have not yet considered CCPA compliance have a steep learning curve. Key provisions include: CONTINUE READING →