Find Your Specialist


Contact Us

    Go Back

    A New Year Means New Privacy Laws

    Ever since the General Data Protection Regulation (GDPR) came into effect in May 2018, US state privacy laws have been passed in Virginia, Colorado, Connecticut, Utah and, most pressing of them all, California. The California Privacy Rights Act (CPRA) went into effect on January 1, 2023, amending the former California Consumer Privacy Act (CCPA). To make things more complicated, enforcement of CPRA is not effective until July 1, 2023, and the final regulation has not yet been approved. The newly formed California Privacy Protection Agency hopes to release the final rules in April 2023. Even with the final rule pending, it is recommended to review these changes to ensure your company is in compliance.  

    CPRA applies to for-profit companies that perform business in the state of California and collect personal information from California customers. The threshold requirements companies must meet have changed from the CCPA. Requirements apply to companies that exceed $25 million in gross revenue for the previous year, buy/sell/share personal information of 100,000 customers or households and gather 50% or more of annual revenue from selling or sharing of personal information.  

    Among the other changes that come with this amended act are the right to opt out of certain uses and disclosures of sensitive personal information, rights against the use of automated decision-making technology, stronger child privacy provisions and expanded notification requirements. One interesting new requirement is to pass on data deletion requests to service providers, contractors and third parties where data has been sold or shared. This requires vendor management reviews to ensure these third parties are identified, monitored and held accountable for their controls and requirements. Increased auditing requirements are best practice including cybersecurity audits and risk assessments.  

    Even though CPRA is on most minds, the Virginia law (the Consumer Data Protection Act) should not be overlooked. The law, passed in 2021, became effective in January 2023 and applies to B2C but not employees and B2B. Colorado’s privacy law is effective July 2023; a law similar to the Virginia law. In addition, privacy laws have been introduced in Michigan, Ohio, Pennsylvania and New Jersey. 

    If you are required to comply with CPRA, do not wait to begin your diligence. Compliance with this law requires numerous data identification, security and risk activities that should not be ignored.  

    Gina Gondron, CIA, CISA, CDPSE, is a Partner in Frazier & Deeter’s Process, Risk and Governance Practice. Gina oversees third party assurance compliance activities for companies of various size and across a variety of industries, with an emphasis in healthcare and technology. Contact Gina at gina.gondron@frazierdeeter.com  

    Related Articles

    • 01.25.2023

      A New Year Means New Privacy Laws

      Ever since the General Data Protection Regulation (GDPR) came into effect in May 2018, US state privacy laws have been passed in Virginia, Colorado, Connecticut, Utah and, most pressing of them all, California. The California Privacy Rights Act (CPRA) went…

      Continue Reading
    • 01.19.2023

      The New Rules Under Section 174

      Internal Revenue Code Section 174 has long been used by taxpayers to deduct certain expenses related to research and experimentation (R&E) in the current year.  The code section was originally enacted in 1954 to eliminate uncertainty in the tax accounting…

      Continue Reading
    • 12.20.2022

      IRS Customer Service May Improve in 2023

      With 4,000 new customer service representatives and plans to hire 700 new Taxpayer Assistance Center (TAC) employees, taxpayers soon may get relief from endless hold times, no in-person help and unresolved problems.

      Continue Reading
    • 12.12.2022

      Reduce Taxable Income with IRA Distributions Transfers

      IRA owners who are age 70½ or over can transfer up to $100,000 per year to charity to reduce their taxable income. These transfers, known as qualified charitable distributions or QCDs, offer end-of-the year tax savings and can count toward required minimum distributions (RMDs) that taxpayers who are age 72 must make each year. Think of it as a tax-free charitable rollover of IRA funds.

      Continue Reading
    • 12.02.2022

      UK R&D Tax Reliefs – Where Are We Now?

      In the November 2022 Autumn Statement, the Chancellor announced significant changes to the current Research and Development (R&D) tax reliefs. The key announcements were a change to the applicable rate of the Research and Development Expenditure Credit (RDEC) and a…

      Continue Reading
    • 12.01.2022

      1099s Required for 2022 Tax Year

      Taxpayers earning income from selling goods or providing services may receive a Form 1099-K, Payment Card and Third-Party Network Transactions, for the first time in early 2023, when the 2022 forms are due. The requirement to file Forms 1099 have…

      Continue Reading
    • 11.28.2022

      IRS Uncovers $3.1 Billion in COVID Fraud

      The IRS Criminal Investigation department (IRS-CI) has partnered with the Justice Department to uncover and prosecute fraudulent activities related to the federal government’s COVID relief programs. To date, the IRS has conducted 840 investigations involving fraud amounts totaling more than…

      Continue Reading
    • 10.25.2022

      IRS Inflation Reduction Act Increases Funds

      The Inflation Reduction Act of 2022, enacted in August, increased funding for the IRS by $80 billion through 2031 for enforcement activities, operations support, systems modernization and taxpayer services. The legislative language, Treasury Secretary Janet Yellen and IRS Commissioner Charles…

      Continue Reading

    Privacy Overview

    When you use or access the Site, we use cookies, device identifiers, and similar technologies such as pixels, web beacons, and local storage to collect information about how you use the Site. We process the information collected through such technologies, which may include Personal Information, to help operate certain features of the Site (e.g., to prevent online poll participants from voting more than once), to enhance your experience through personalization, and to help us better understand the features of the Site that you and other users are most interested in.

    You can enable or disable our use of cookies per category.
    Always Enabled