65% of the world’s population will be protected by privacy laws by the year 2023 (Source: Gartner).
California Privacy Rights Act (CPRA) will only protect Californians. So, why is it so significant for your Salesforce Org?
In this three-part series, we will explore Data Privacy Laws and specifically CPRA.
As more end customers get digitally connected to companies, it is important that their data and privacy are respected. It also means that companies need these privacy laws as they need to be more sensitive to their customers’ rights.
However, these laws have a deeper impact. As companies are bursting at their seams with customer data which keeps growing exponentially in our hyper-connected world, they have started asking themselves as to what they can do with this mountain of data? Does it serve any purpose? How much data is enough to keep?
More significantly, what data should they delete? They not only need to consolidate and rationalize this data, but they also need to remove what is not relevant anymore.
Thus, both customers and companies need these laws.
In June 2018, CCPA (California Consumer Privacy Act) came into existence after being signed as law, called Assembly Bill 375 (AB 375).
Thus, CCPA is the existing framework of Privacy law which was passed by Californians in 2020. It is quite robust in itself.
With Silicon Valley at its heart, all eyes around the world were on California and the passing of this law. As you can imagine, many states in the US have now adopted a framework very similar to that of CCPA.
Once it was passed, there was a rising need to make it more powerful and relevant in protecting the privacy of Californians as customers in our digital world. And so CPRA was born.
There are fundamentally two facets of any privacy law including CCPA/CPRA, GDPR etc which are
Let us understand these two aspects in detail, and also the differences between CCPA, GDPR, and CPRA.
On November 3, 2020, CPRA (California Privacy Rights Act) was passed, and as a law will come into force starting January 1, 2023.
This begs the question: what happens to CCPA once CPRA comes into effect?
Essentially, both CCPA and CPRA are here to stay. CCPA will remain in its current form and CPRA will add a few more significant elements in addition to CCPA. Together, these will:
CPRA will add to CCPA to enrich the scope of the two when combined. If you take away CCPA from this scenario, CPRA alone will not be as effective.
CCPA applies to any business that meets the following criteria:
CPRA has modified the scope of CCPA with the following:
There is also a definition of Sensitive Data added in CPRA. This is discussed in detail later in this blog series.
GDPR is Europe’s privacy rights framework legislation that holistically covers the essential tenets of CCPA and CPRA combined.
A corollary to the above statement would be that when you combine CCPA and CPRA, they together are comparable to GDPR. It is easy to understand that CPRA has taken certain elements from GDPR which were missing in CCPA. So, one can say that CCPA combined with CPRA makes it the GDPR for California.
Let us first understand the Rights of individuals which are protected currently under CCPA:
CPRA has gone a step further in protecting the rights of individuals by adding
Apart from the above-added rights, CPRA also now clearly defines data as
as these definitions were slightly indistinct in CCPA.
In the next part, we will cover the latest additions to CPRA.
Saurabh is an Enterprise Architect and seasoned entrepreneur spearheading a Salesforce security and AI startup with inventive contributions recognized by a patent.
Get a clear understanding of the GDPR’s impact on Salesforce and explores the benefits of automating RTBF and Data Portability.
This is the second in our series of articles on GDPR. Check our previous article here on GDPR Data Inventory, Data Processing and Right To
“I don’t even know where to start…We have 5 Million customer records.” said the exasperated to-be DPO. As an American company that primarily does business
Why should you read this? Data Privacy laws such as GDPR and CCPA bring in a new set of requirements around Consent for the
Salesforce and Cloud Compliance, a four-minute read about what Salesforce does and how Cloud Compliance works with it. Let’s start by knowing about our needs
