CPRA to Appear on California’s November 2020 Election Ballot

Written by: Brett Lawrence, Esq.

As businesses continue to prepare for the enforcement of the California Consumer Privacy Act (“CCPA”), which will begin on July 1, 2020, new privacy legislation is already on the way. On June 24, 2020, the Office of the Secretary of State of California announced that the California Privacy Rights Act (“CPRA”) has raised enough signatures to appear on the November 3, 2020, General Election ballot.

Known as “CCPA 2.0,” the CPRA seeks to modify a host of CCPA rules that would broaden consumer protections in a variety of areas and put new obligations on businesses that process personal data. Namely, the CPRA would:

  • Create a new category of personal information called “sensitive personal information,” which would include a consumer’s social security number, racial or ethnic origin, and account log-in credentials;
  • Allow consumers to correct any potentially inaccurate data being stored by a business;
  • Create a new privacy enforcement agency titled, “The California Privacy Protection Agency,” that would not only enforce the CPRA, but allow it to promulgate new rules and regulations;
  • Remove the 30-day “cure” period for businesses to remedy any alleged privacy violations;
  • Allow consumers to sue for unauthorized access or disclosure of their email address and password or security question permitting access to an account;
  • Increase the penalties for mishandling children’s data;
  • Continue the employee data and business-to-business exceptions to January 1, 2023;
  • Make service providers directly responsible for complying with certain provisions of the CPRA, such as helping businesses with verifiable consumer requests to correct, limit, or delete personal information; and
  • Require businesses to have certain security safeguards in place to protect personal information.


It is important to note that the CPRA, if approved, would not take effect until January 1, 2023, and would only apply to personal information—with an exception to the right to access—collected by a business on or after January 1, 2022. With an October 2019 poll showing that almost 9 out of 10 California voters would vote Yes for increased protection for consumer personal information, it appears to be only a matter of time before more stringent data privacy and security laws, like the CPRA, are on the books.

Click here to read the latest version of the CPRA.

Leave a comment