Copyright: wk1003mike
California Prop. 24, otherwise known as the California Privacy Rights Act (CPRA), was approved by California voters during this week’s election. CPRA is a further expansion of consumer privacy rights included in the California Consumer Privacy Act (CCPA) and moves California data privacy regulations closer to the more stringent European Union General Data Protection Regulation (GDPR) standards. Manatt, the legal experts who wrote NMHC’s industry white paper on data privacy and protection, have provided a helpful analysis/backgrounder on CPRA and where it expands on the CCPA, which can be found here.
CPRA is designed to give consumers more data privacy rights, with a particular focus on data sharing and behavioral advertising. It also amends certain provisions of the landmark CCPA and introduces new provisions that will need to be clarified through the rulemaking process. CPRA’s reach will be established through a new California Privacy Protection Agency, which will enforce the law alongside the state attorney general and will go into effect January 2023.
It’s important to note that during the rulemaking process and before CPRA goes into effect, the CCPA stands and will be enforced. As we have covered extensively in the past, many apartment firms and American businesses operating in California had to begin complying with CCPA on January 1, 2020, though long-awaited final regulations were not released until August 14, 2020. While the impact of CPRA on apartment firms has not yet been made clear, in the short term, the CPRA extends the CCPA employee data protection provisions exemption for employers, set to end on January 1, 2021.
The number of state data security and privacy standards and breach notification requirements already in effect across the country have created a significant compliance challenge for apartment firms. To reduce this compliance burden, NMHC is actively supporting a federal data security and privacy standard that preempts state standards. NMHC has long argued that any standard must be scalable, account for the scope and size of the business and the sensitivity of the data in question.
To date, bipartisan agreement on privacy and security standards has eluded Congress. In its absence, multifamily firms of all sizes will need to continue to comply with the CCPA and other emerging standards. NMHC’s comprehensive white paper on data privacy includes practical considerations for apartment firms so that they can evaluate organizational practices based on common themes found in each of the notable privacy standards that exist today.
For more information on data privacy and security, please visit NMHC’s data privacy and security advocacy page.
Related Articles
- NMHC-NAA Statement for Senate Commerce Hearing on AI & Data Privacy
- Real Estate Coalition Letter to CISA on CIRCIA/Cyber Disclosure Rule
- NMHC-NAA Statement for House Committee on Energy and Commerce on the American Privacy Rights Act
- NMHC-NAA Statement for Senate Commerce Subcommittee Hearing on Data Privacy
- NMHC-NAA Statement for House Appropriations Subcommittee Hearing on Bulk Billing