Despite missing the April 21, 2020 target date, the advocacy group, Californians for Consumer Privacy, is still moving forward with their attempt to qualify the California Privacy Rights Act (CPRA) on the November 2020 ballot. This new ballot initiative has until June 25, 2020, to get at least 623,212 signatures verified by state and county officials but it’s a complicated and perilous process to secure a spot in the general elections, as explained by Michael Hellbusch from Rutan & Tucker.
The CPRA is often referred to as the "CCPA 2.0" and will revamp the consumer privacy law by expanding upon the privacy protections initially introduced in the California Consumer Privacy Act (CCPA). The new proposed Act creates new rights allowing consumers to stop businesses from using sensitive personal information, safeguarding children's privacy by tripling fines for collecting and selling children's private data, extending the exemption for employment data and establishing an enforcement body the California Privacy Protection Agency.
There is a lot to consider in these new proposals and even the potential exemption for employee data is less of a benefit. Given the outcome will not be known until November, businesses will have to start preparations for a "no pass" scenario and start thinking about how they may need to respond to access and deletion requests from employees, contractors, job applicants, and business contacts beginning in 2021.