Think the California Consumer Privacy Act doesn’t apply to you? Think again.
Thursday, December 12, 2019
The California Consumer Privacy Act (CCPA) of 2018 goes into effect Jan. 1. One way to describe it is as California’s answer to the European Union’s General Data Protection Regulation (GDPR).
Though there are significant differences in the specifics, both the CCPA and GDPR will and have had significant impacts on business. Before you dismiss either as irrelevant to your organization, here are a few things to consider.
Wait — give me that back!
It is almost easier to understand the impact of CCPA from the consumer perspective. As consumers, the CCPA gives us the right to understand the data a covered organization has on us and what they intend to do with it.
Further, if the covered company decided to do anything else with our data, they also have to tell us. We can also opt out of those uses and ask for our information to be deleted. However, we also have the right to opt back in without previous data collected on us coming back into consideration.
This may sound great for us as consumers, but as we saw with the GDPR, it can be quite onerous for organizations (unless you have the resources of Google). CCPA is poised to be just as problematic from both a system and processing side as GDPR, but in different ways.
CCPA is different from GDPR in a few specific ways, but in general they both address “rights of access, portability, and data deletion” for consumer information. This means, according to this International Risk Management Institute summary, covered companies have to explicitly note the sources, categories, commercial purpose, and specific pieces of personal information the business has collected about the consumer.
Further, covered organizations must also disclose the sources and commercial purpose for collecting or selling the information in addition to whom they are providing the information.
In other words, if we are using someone’s personal information that can be linked to them for business purposes, we need to be able to clearly let that person know and give them the option to opt out. We also must be able to track and respond to those requests, monitor them for compliance and of course, have systems in place to ensure we are actually accurately deleting their information as requested.
Not me or just not now?
This Fortune article nicely summarizes who will be required to comply by Jan. 1: “companies with more than $25 million in gross revenue, businesses with data on more than 50,000 consumers, and firms that make more than 50% of their revenue selling consumer data (i.e., data brokers).”
That same article also noted an important point: many organizations were expecting the bill to either be watered down as a result of aggressive lobbying by tech companies or overwritten by a federal law. Neither happened by the September 2019 deadline. This underscores an important trend in favor of consumers’ rights around their information.
It is a trend that is here and will continue. Whether you meet this first round of requirements or not, be prepared for transparency and consumer rights to information to expand and the gathering, reporting and selling requirements of their information to become more rigorous and transparent.
- Law Enforcement, Defense & Security
- Business Management, Services & Risk Management
- Civil & Government
- Science & Technology
- 8 exercises for strengthening your business writing
- 10 negative employee behaviors that undermine success
- 7 trigger control errors and how to fix them
- The stress of 911 call-takers and emergency dispatchers
- Children of the badge: The impact of stress on law enforcement children
- Selling your business? What tenants need to know about their lease
- Married to the badge: Stress in the law enforcement marriage
- Writing the letter that gets you more referrals
- Tips for choosing to make smarter decisions
- How HR technology is mitigating compliance risk in 2020
- Smart pills: The pros and cons of an important healthcare trend in 2020
- Hydrogen hopes burn brightly in the UK
- Infographic: Protecting your data from physical theft
See your work in future editions
Your content, Your Expertise,
Your Industry Needs YOUR Expert Voice & We've got the platform you needFind Out How