Everything to Know About The COPRA Bill

By Kimberly Connella   |   July 27, 2022

Businesses have struggled to keep up with privacy regulations. This has become a more prevailing issue as individual states have taken it into their own hands to handle legislation. One of the most far-reaching bills of its kind was the California Consumer Privacy Act (CCPA). It was passed in 2018, but a national bill known as COPRA was recommended the following year.

Introduced in November 2019, the Consumer Online Privacy Rights Act (COPRA) would help standardize privacy and security regulations for businesses across the United States, but no action has been taken yet. While many state laws like the CCPA are already in effect, COPRA remains in introduced or “proposed” status, waiting for approval.

With that said, if your business is seeking to improve its cyber security standards, understanding what is in the COPRA bill is essential. After all, this act has not fallen out of the public eye since its initial introduction. With its contents proving more and more aligned with state legislation and emerging concerns across the nation, it or a similar bill is likely to be passed shortly.

What Are the Requirements of the COPRA Bill?

COPRA has three sections: the first on data privacy rights; the second covering oversight and responsibility; and the third delving into enforcement, penalties, and the ways a business may suffer if it fails to comply with the act.

COPRA Bill Data Privacy Rights

The primary purpose of the COPRA bill is to improve data privacy for consumers. The data privacy rights that the bill lays out include:

  • Businesses may not utilize data in a deceptive or harmful manner. In other words, the reason for data collection and the way it will be utilized or shared must be disclosed to the consumer. The bill refers to this as the “Duty of Loyalty”.
  • If a consumer requests it, a business must provide (in a human-readable format) a copy of the covered data it has stored along with information on any third party that has accessed that data: “Right to Access and Transparency”.
  • If a consumer requests it, a business must delete any data the consumer requests to be removed. The business would also need to notify any third parties with which it shared the data that the consumer would like the data removed.

Additional sections of the bill require a business to update inaccuracies and export data at the request of the consumer. Under the act, a business must also minimize data, which means only processing what is reasonably necessary.

As a business, the data privacy rights defined by the COPRA bill may not contradict your current business practices. However, they may bring about the need for new disclosures and processes to achieve compliance. For instance, do you currently have the means to explain how data is being collected and used so you can receive consumer consent?

Moreover, do you have a way to track third-party data access? Do you provide a copy of data and access history to a consumer upon their request? How about consistently updating or deleting data if a consumer requests it? These are the time-intensive side effects of new regulations like COPRA that your business must be ready for.

COPRA Oversight and Responsibility

When it comes to achieving COPRA compliance, the bill itself lays out the requirements in a straightforward manner, stating:

  • You must designate one or more officers to oversee COPRA compliance throughout the year.
  • An identified officer at your business must certify compliance with the act annually by providing a list of documentation.
  • Your business must evaluate all of its partners and data sharing efforts. In this way, you can reasonably ensure that you are only working with businesses that comply with COPRA.

Sound complicated? While COPRA is not yet enacted, this bill or a similar one will likely be passed at the national level in the year to come. Additionally, multiple states have enacted their own legislation, which your business needs to follow if you are conducting business in that area.

With all of this in mind, achieving compliance may sound more complex than ever before. Despite challenges, it’s of crucial importance that your business invests in security compliance. As a result, you may find that the best way forward is to partner with a third-party expert.

At aNetworks, we’ve helped countless businesses achieve security compliance. So we are confident we can help your business get ahead of upcoming regulations through new technology, processes, and training. Ready to learn more? Schedule a consultation today.

You can find us on Facebook, Twitter, and LinkedIn.

Lastly, our Resource Center is another great way of staying connected!