Effective boards must carefully consider and comply with regulatory policies, like the California Privacy Rights Act. We discuss how your board can comply.
As a board director, you must ensure your organization has an effective strategy for managing governance, risk, and compliance issues. This means understanding the requirements of any regulations your organization needs to comply with.
The California Privacy Rights Act (CPRA) went into effect Jan. 1, 2023, and applies to organizations that employ Californians and made more than $25 million globally in the previous calendar year. It does not apply to governmental organizations or nonprofits.
However, since California typically sets the precedent for data compliance, it may be wise to learn more about the new guidelines, no matter where your organization conducts business. Read on to learn more about CPRA and why it matters.
What is CPRA?
Also known as Proposition 24, CPRA is a comprehensive data privacy law passed in November 2020. It builds on the California Consumer Privacy Act (CCPA), enacted in 2018, and gives consumers more control over their personal information.
The CPRA requires organizations to provide consumers with the right to opt out of the sale/provision of their personal information, as well as the right to access, delete, and correct their personal information. It also requires organizations to provide consumers with the right to opt out of targeted advertising and data profiling.
In addition, the CPRA requires organizations to implement reasonable security measures to protect consumer data from unauthorized access or disclosure. Organizations must also provide consumers with clear and conspicuous notice of their rights under the CPRA.
Boards of directors need to understand the CPRA and ensure their organizations comply with its requirements. Failure to do so could result in costly fines and reputational damage. Additionally, boards should ensure their board management solutions are secure and compliant with the CPRA, as this will help them protect their data and reduce risk exposure.
How to Achieve CPRA Compliance
While CPRA went into effect in 2023, there’s a one-year lookback window. This means data collected in 2022 must comply. Metarouter shares resources to help prepare. In addition, we’re outlining steps to compliance below.
1. Provide Full Data Usage Disclosure to Users
The first step to achieving CPRA compliance is to provide users with full disclosure of how their data will be used. That means you must clearly explain what data you are collecting, why you are collecting it, and how it will be used.
2. Provide Opt-Out Options
Under CPRA, organizations must provide users with the right to opt out of the sale/provision of their personal information, as well as the right to access, delete, and correct their personal information.
3. Implement Reasonable Security Measures
The CPRA requires organizations to implement reasonable security measures to protect consumer data from unauthorized access or disclosure. You must ensure that your board management solution is secure and compliant with the CPRA.
4. Enter Into Data Usage Contracts With Third Parties
You may have done everything necessary on your side to ensure CPRA compliance, but how sure are you that your third-party vendors follow information security best practices? That’s why you must put it in writing and ensure your partners are also CPRA-compliant. These contracts must clearly outline the terms of data usage and ensure that all parties comply with the CPRA.
5. Create Data Governance and Data Classification Policies
For proper risk management, create a data governance policy that outlines the rules and regulations for handling customer data. Additionally, you must create a data classification policy outlining how different data types should be handled.
Discover OnBoard's Secure System of Record
Every board deserves technology that simplifies meeting management while uncovering insights and protecting data. OnBoard is a secure system of record that meets the highest data security and compliance standards, including CPRA compliance. In addition, OnBoard comes with the following security features:
- ISO 27001 Certified: OnBoard’s security and infrastructure are ISO 27001 certified, ensuring data assets such as financial info, intellectual property, and PII stay safe.
- Two-Factor Authentication: Two-factor authentication creates more secure access. OnBoard accounts can be configured to verify the user’s identity with a second factor, separately from their password.
- Compliance and Records Controls: OnBoard enables you to deploy customizable, multi-level, and granular control for sensitive data, including the ability to purge notes and annotations.
- SOC 2 Certified: OnBoard’s privacy policies, data procedures, controls, and security practices have been audited by outside firms and affirmed to maintain the highest levels of security, privacy, availability, and confidentiality.
Modern Boards Rely on OnBoard
Investing in software to improve meeting effectiveness helps boards save time, streamline communication, and make better decisions. Our software provides a centralized location for all board materials and enables real-time collaboration and communication. And you can rest easy knowing your data is always safe and secure, as it meets several security compliance standards, including SOC 2, ISO 27001, and CPRA.
With multiple features to streamline board business and improve meeting effectiveness, our platform is designed to work the way you do. OnBoard’s drag-and-drop agenda builder makes assembling a board book faster than ever. The software sends reminders about upcoming meetings, and then lets directors track who engages with board materials and for how long so they know what needs the most discussion.
Download OnBoard’s free Meeting Minutes Template for an example of how the best boards write their minutes to accurately and legally reflect what occurred during the board meeting.
About The Author
- Josh Palmer serves as OnBoard's Head of Content. An experienced content creator, his previous roles have spanned numerous industries including B2C and B2B home improvement, healthcare, and software-as-a-service (SaaS). An Indianapolis native and graduate of Indiana University, Palmer currently resides in Fishers, Ind.