The majority of CPRA amendments took effect on Jan. 1, 2023, and introduced new data minimization obligations into the CCPA. As a result, the CCPA now requires a business’ collection, use, retention, and sharing of a California resident’s personal information to be “reasonably necessary and proportionate to achieve the purposes for which the personal information was collected or processed, or for another disclosed purpose that is compatible with the context in which the personal information was collected, and not further processed in a manner that is incompatible with those purposes.” (Cal. Civ. Code § 1798.100(c)). Businesses that fail to comply with the CCPA could face litigation that is damaging to the organization’s finances and reputation. Moreover, non-compliance can also lead to fines of up to $2,500 per violation or $7,500 for violations that are intentional or involve children, with each impacted consumer potentially giving rise to a separate violation.
8 Tips for Businesses to Achieve Compliance and Avoid Fines Under the CPRA’s Data Minimization Requirements
Insights
8 Tips for Businesses to Achieve Compliance and Avoid Fines Under the CPRA’s Data Minimization Requirements
August 16, 2024
By Daniel B. Garrie, Bradford Newman, Jonathan Tam
Organizations that prioritize data minimization and stay up to date with changes in privacy laws and regulations will be well- positioned to meet the privacy challenges of the future.