The proposed Consumer Privacy Protection Act (CPPA), if implemented, will become one of the world’s most stringent privacy laws, comparable to the European GDPR and California’s consumer privacy act. While consumers get more control over their data, organizations will need to be more transparent and cautious with data handling.

Some of the key obligations for organizations under CPPA include:

  • Mandatory privacy management programs to ensure compliance such as updating policies, employee training, and enhanced security.
  • Ensuring greater transparency regarding the use of algorithms and artificial intelligence when processing consumer data.
  • Providing information in a clear way to ensure consumers understand what they are consenting to.
  • Adhere to new mandates on de-identification of personal information, including:
    • not using the information in combination with other data or alone to identify an individual and
    • implementing administrative and technical measures when de-identifying data

Consulting a law firm with deep expertise in privacy laws is the best way to keep pace with compliance obligations.