California Prop. 24, otherwise known as the California Privacy Rights Act (CPRA), was approved by California voters during this week’s election. CPRA is a further expansion of consumer privacy rights included in the California Consumer Privacy Act (CCPA) and moves California data privacy regulations closer to the more stringent European Union General Data Protection Regulation (GDPR) standards. Manatt, the legal experts who wrote NMHC’s industry white paper on data privacy and protection, have provided a helpful analysis/backgrounder on CPRA and where it expands on the CCPA, which can be found here.
CPRA is designed to give consumers more data privacy rights, with a particular focus on data sharing and behavioral advertising. It also amends certain provisions of the landmark CCPA and introduces new provisions that will need to be clarified through the rulemaking process. CPRA’s reach will be established through a new California Privacy Protection Agency, which will enforce the law alongside the state attorney general and will go into effect January 2023.
It’s important to note that during the rulemaking process and before CPRA goes into effect, the CCPA stands and will be enforced. As we have covered extensively in the past, many apartment firms and American businesses operating in California had to begin complying with CCPA on January 1, 2020, though long-awaited final regulations were not released until August 14, 2020. While the impact of CPRA on apartment firms has not yet been made clear, in the short term, the CPRA extends the CCPA employee data protection provisions exemption for employers, set to end on January 1, 2021.
The number of state data security and privacy standards and breach notification requirements already in effect across the country have created a significant compliance challenge for apartment firms. To reduce this compliance burden, NMHC is actively supporting a federal data security and privacy standard that preempts state standards. NMHC has long argued that any standard must be scalable, account for the scope and size of the business and the sensitivity of the data in question.
To date, bipartisan agreement on privacy and security standards has eluded Congress. In its absence, multifamily firms of all sizes will need to continue to comply with the CCPA and other emerging standards. NMHC’s comprehensive white paper on data privacy includes practical considerations for apartment firms so that they can evaluate organizational practices based on common themes found in each of the notable privacy standards that exist today.
For more information on data privacy and security, please visit NMHC’s data privacy and security advocacy page.
- NMHC NAA Comments to FCC on Digital Discrimination
- NMHC NAA House Financial Services Data Privacy Letter
- NMHC NAA House Energy and Commerce Data Privacy Letter
- ‘We Need a Federal Standard’ – NMHC Reiterates Plea for Data Privacy Standard as FTC Explores New Rule
- FTC Commercial Surveillance and Data Security Comment Letter