Cybersecurity is not only a national security issue given recent attacks on our election system and critical infrastructure by nation states and organized crime, but increasingly a kitchen table issue for us Californians. We must grapple with the impact of our financial, medical and other personal data being stolen and compromised via a growing number of data breaches, while at the same time trying to continuously avoid the growing minefield of phishing, malware and other types of cyberattacks that indiscriminately target us in our daily use of the Internet.
In this blog post we will discuss how Prop 24 (aka the California Privacy Rights Act or CPRA) is designed to help protect Californians from hackers and the threat of identity theft. You can also watch this 1-minute video from Alastair Mactaggart, Chair of Californians for Consumer Privacy (the proponents of Prop 24), who gives us his thoughts on why Prop 24 is so critical in this area of cybersecurity.
Right to Have Our Information Kept Safe
Prop 24 and the CPRA give Californians the fundamental right to have their personal information kept safe. The CPRA tells businesses that if they are going to collect personal information, then they must keep it secure from theft! Unfortunately, too many businesses just leave your information lying around in plain text, and who suffers? You do, when your identity is stolen.
Specifically, Prop 24 adds the following language (in underline) to the existing California Privacy Rights Act:
1798.100(e) A business that collects a consumer’s personal information shall implement reasonable security procedures and practices appropriate to the nature of the personal information to protect the personal information from unauthorized or illegal access, destruction, use, modification, or disclosure in accordance with Section 1798.81.5.
The good news is this language raises the bar for businesses to do a better job of protecting your usernames and passwords, which in turn will decrease the likelihood your usernames and passwords will be stolen and then “replayed” on 1000s of other sites where you may have shared the same username/password combination. It also decreases the likelihood that, in the case of stolen security questions, a hacker can use the answers to your security questions to reset your passwords on other websites.
Enhanced Private Right of Action
Furthermore, the CPRA adds “email plus password or security question & answer” to the list of items subject to a private right of action. Put another way, if your email and password are stolen or hacked due to the negligence of a business, the business could face massive fines, potentially owing thousands or even millions of Californians up to $750 each.
Specifically, Prop 24 adds the following in underline to existing California law to again make sure businesses do a better job of protecting your account login info:
1798.150 (a) (1) Any consumer whose nonencrypted and nonredacted personal information, as defined in subparagraph (A) of paragraph (1) of subdivision (d) of Section 1798.81.5, or whose email address in combination with a password or security question and answer that would permit access to the account, is subject to an unauthorized access and exfiltration, theft, or disclosure as a result of the business’s violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information may institute a civil action for any of the following: (A) To recover damages in an amount not less than one hundred dollars ($100) and not greater than seven hundred and fifty ($750) per consumer per incident or actual damages, whichever is greater.
We as Californians should practice good password hygiene and enable multi-factor authentication (MFA) to secure our personal accounts. But businesses should do their part as well, by implementing better security procedures and better protecting your security questions and passwords.
Prop 24 not only strengthens your privacy rights, but also strengthens security. Please vote Yes on Prop 24!