California changed privacy compliance, and processors aren’t ready

California changed privacy compliance, and processors aren’t ready

Risk Disclaimer >>
Ad disclosure Fintech-Insight stands firm in its mission to facilitate sound financial decisions for you. We forge alliances with specialists to provide the latest in news and facts. Engagement with designated links, sponsored entries, products and/or services, leading transfers to brokers, or promotional content might entail financial recompense for us. We pledge to protect our users from any negative repercussions arising from utilizing our site. Be informed that no content hosted here should be interpreted as authoritative in legal, tax, investment, financial matters or any expert counsel; it is meant for informational purposes exclusively. Should there be any concerns, securing the guidance of an independent financial consultant is recommended.

This November, the passing of the California Privacy Rights Act (CPRA) was an unsurprising election result. By a strong margin, voters in California decided on November 3rd to extend the powers of the recently legislated California Consumer Protection Act (CCPA) and place more stringent data protection and transparency requirements on businesses with California-based customers.

While amendments to the act will likely alter the CPRA over the next two years, the need to allow customers to choose their data preferences when signing up for your or your clients’ services will remain a core part of compliance.

For organizations with more than 100,000 customers and/or annual revenue above $25 million, meeting the CPRA’s provisions will become a legal imperative from January 1st, 2023.

Among a host of consumer-focused provisions, the CPRA gives customers the right to opt out of the sharing or selling of their personal information while also stipulating harsh fines for businesses that breach its regulations.

The prospect of complying with the CPRA, and the potential for severe penalties for non-compliance, is likely to worry many payment processors about how their operations will need to change. The key to mitigating these concerns is being proactive and customer-led when it comes to compliance.

Payment processors can start by letting their customers know about the steps they will need to take to keep impacted consumer data compliant with the CPRA.

However, communication may also need to be accompanied by an audit of how customers store, share, and (if relevant) sell data currently. For payment processors, the next step should be integrating an opt-out mechanism into their platforms where customers will be required to receive personal information.

Under CPRA, businesses will need to get an explicit CPRA agreement from California-based customers to indicate whether they are comfortable with their data being shared or sold. It’s important to note that “sharing” is defined in the act as “cross-context behavioral advertising, whether or not for monetary or other valuable consideration.”

With many impacted businesses still not ready to comply with the now enforceable CCPA, CPRA affected payment processors should start preparing for this new piece of legislation now.

Co-founder and CEO,

Risk Disclaimer

Fintech-Insight is dedicated to delivering unbiased and dependable insights into cryptocurrency, finance, trading, and stocks. However, we must clarify that we don't offer financial advice, and we strongly recommend users to perform their own research and due diligence.

Leave a Reply