Republish
New Privacy Protection Agency needs more time to develop regulations
We love that you want to share our stories with your readers. Hundreds of publications republish our work on a regular basis.
All of the articles at CalMatters are available to republish for free, under the following conditions:
-
- Give prominent credit to our journalists: Credit our authors at the top of the article and any other byline areas of your publication. In the byline, we prefer “By Author Name, CalMatters.” If you’re republishing guest commentary (example) from CalMatters, in the byline, use “By Author Name, Special for CalMatters.”
-
- Credit CalMatters at the top of the story: At the top of the story’s text, include this copy: “This story was originally published by CalMatters. Sign up for their newsletters.” If you are republishing commentary, include this copy instead: “This commentary was originally published by CalMatters. Sign up for their newsletters.” If you’re republishing in print, omit the second sentence on newsletter signups.
-
- Do not edit the article, including the headline, except to reflect relative changes in time, location and editorial style. For example, “yesterday” can be changed to “last week,” and “Alameda County” to “Alameda County, California” or “here.”
-
- If you add reporting that would help localize the article, include this copy in your story: “Additional reporting by [Your Publication]” and let us know at republish@calmatters.org.
-
- If you wish to translate the article, please contact us for approval at republish@calmatters.org.
-
- Photos and illustrations by CalMatters staff or shown as “for CalMatters” may only be republished alongside the stories in which they originally appeared. For any other uses, please contact us for approval at visuals@calmatters.org.
-
- Photos and illustrations from wire services like the Associated Press, Reuters, iStock are not free to republish.
-
- Do not sell our stories, and do not sell ads specifically against our stories. Feel free, however, to publish it on a page surrounded by ads you’ve already sold.
-
- Sharing a CalMatters story on social media? Please mention @CalMatters. We’re on X, Facebook, Instagram, TikTok and BlueSky.
If you’d like to regularly republish our stories, we have some other options available. Contact us at republish@calmatters.org if you’re interested.
Have other questions or special requests? Or do you have a great story to share about the impact of one of our stories on your audience? We’d love to hear from you. Contact us at republish@calmatters.org.
New Privacy Protection Agency needs more time to develop regulations
Share this:
By Julian Cañete
Julian Cañete is president and CEO of the California Hispanic Chambers of Commerce.
Edwin Lombard, Special to CalMatters
Edwin Lombard is president and CEO of ELM Strategies and former president and CEO of the California African American Chamber of Commerce.
COVID-19, supply chain disruptions, inflation … privacy rules?
Just when California’s 4 million small businesses have fought, scraped and clawed their way through a daunting gauntlet of global crises, a new, little-known state agency is barreling toward a deadline to create a complex framework of privacy regulations that will affect nearly all of them.
The California Privacy Protection Agency, established following voter passage of Proposition 24, or the California Privacy Rights Act of 2020, is responsible for adopting the first comprehensive privacy regulations in the United States, and its statutory deadline is July 1.
With only four months to go, the Privacy Protection Agency has not held a single pre-rulemaking public hearing, shared any draft regulations for the public to comment on or begun any formal rulemaking activities. Simply put, it’s not ready.
We are deeply concerned about the unintended consequences of rushing these regulations, especially for small, minority-owned businesses that have already been disproportionately impacted by the public health crisis.
To date, the Privacy Protection Agency lacks the appropriate resources and expertise to develop the regulations by July 1. The Legislature must step in to extend the deadline and help ensure small, minority-owned businesses have real and significant input in the process, including ample time for informational hearings, review of draft regulations and adequate public hearings.
We recommend extending the Privacy Protection Agency’s statutory deadline to adopt privacy regulations from July 1, 2022, to Jan. 1, 2023, and extending the enforcement date from July 1, 2023, to Jan. 1, 2024. This would provide small businesses with a full year after the regulations are finalized before enforcement would begin, as intended by the California Privacy Rights Act.
Our organizations of small, ethnically diverse California businesses support protecting the privacy of the consumers we serve. But it is critical that those most impacted by potential regulation have meaningful input into its development and implementation.
To date, the Privacy Protection Agency has not afforded small businesses more than a cursory review, but the California Privacy Rights Act originally sought balance: “The rights of consumers and the responsibilities of businesses should be implemented with the goal of strengthening consumer privacy while giving attention to the impact on business and innovation.”
The plight of small businesses during the public health crisis has been well chronicled. Fifty-six percent of California small businesses experienced large, negative effects, such as layoffs, missed payments and lost revenue, during the first few months of the pandemic that has raged on for more than two years.
California’s 1.2 million minority-owned small businesses have been especially hard hit. By September 2020, nearly 40,000 small businesses closed, and the businesses impacted most by state and county stay-at-home orders “lacked an online presence and had small cash reserves.”
While many small businesses were forced to shut down their brick-and-mortar establishments and move more commerce online, unreasonable and impractical regulations could inflict even more damage.
The Information Technology and Innovation Foundation has estimated that California small businesses will take on costs of $9 billion related to California’s privacy law, which does not cover compliance with other state privacy laws.
It is critical that the Privacy Protection Agency develop regulations that are reasonable and practical to avoid unintended consequences and irreparable harm for California’s small businesses. Agency board members have described their approach as “building a plane while flying it.” There is too much at stake for such a risky, cavalier approach.
California voters made their voice heard with passage of the California Privacy Rights Act. We must all work together to make sure any new regulations are successful. That means eliminating the risk and uncertainty associated with creating and adopting regulations on the fly. Instead, we want to help the California Privacy Protection Agency get it right by giving it more time to develop privacy regulations that are reasonable, practical and do no harm to entrepreneurs.
_____
Julian Cañete has also written about California casualties in Congress’ effort to regulate Big Tech, how lawmakers must commit to small, minority-owned businesses, a proposal would overturn policy that saves Californians money on auto insurance, creating pathways to postsecondary education will help ensure success, and how small businesses in California need financial relief, and how a ban on flavored tobacco will hurt convenience store owners.
Edwin Lombard has also written about how California’s tax on inherited properties hurts minority communities, Prop. 15 would threaten small businesses, how lawmakers must commit to small, minority-owned businesses, and how small businesses in California need financial relief.