A
A
A
In recent years, the disclosure of customer information by hackers brought embarrassment to banks and retailers as well as anxiety to those who use them.Social media companies, likewise, are subject to breaches in their data security systems. Although this highly wired economy is not about to return to 20th-century commerce, the ability of cyber-bandits to access confidential info demonstrates that protective technology struggles against some formidable challenges. When sometimes nefarious actors gain entree to credit lines, checking accounts, private communications and payment histories, the resulting losses are difficult to regain. The state of California is seeking to correct these weaknesses.
The California Consumer Privacy Act (CCPA)
Read More »
Effective January 1, 2020, the California Consumer Privacy Act (CCPA) is perhaps the most exhaustive of its kind in terms of letting people retain more control over personal information. The law reveals a public dissatisfaction with the ways that businesses are safeguarding confidentiality for their patrons. Broadly summarized, CCPA improves data security in the following ways:
- Companies must tell their customers how they gather personal information; the source of the data; with whom they share it; and how this knowledge is utilized.
- Customers are given veto power over whether a business will share their personal data.
- Customers can request that a company delete their personal material from their data files.
- Businesses are required to give their consumers a heads-up before collecting personal data.
- Businesses may not financially penalize customers who refuse the sharing of their info.
For many enterprises, these mandates will demand a heavy-duty overhaul of their security procedures and infrastructure. Still, as draconian as some of the required measures might seem, the resulting gains in consumer confidence will redound to the companies’ benefit. After all, half of all Americans are convinced their data is more at risk than was the case five years ago. They are more likely to patronize a firm that complies with the strict guidelines exemplified by the CCPA.
A Law with National and Global Repercussions
The fifth largest economy on earth is the state of California. With today’s worldwide commercial scope, a company of any appreciable size will want to access the Golden State sooner or later. When it does, it will fall subject to the CCPA, and must tailor its privacy policy accordingly. Specifically, businesses that gross 25 million dollars or more; collect, sell or share information in excess of 50,000 customers; or accrue at least half of their yearly profits from selling the personal data of patrons are bound by CCPA’s rules. As the law sinks in, time will tell whether the California market is worth compliance or not.
Complying with CCPA
As noted, some of the stipulations of CCPA are demanding so preparation is paramount…especially since the law is already in effect! The best place to begin is measuring present data governance capacity against the conditions of CCPA. If the business is dependent on income from the selling of personal data, it should adjust its practices with an eye to CCPA privacy standards. Invest in the technology and personnel necessary to meet the requirements of CCPA and similar laws. In addition, firms should establish a dedicated staff component that assures compliance with CCPA provisions on an ongoing basis.
The urgency of getting ready can not be over-estimated. The California law is receiving enormous attention throughout the United States — in the media and in the business community. Other state legislatures are considering enacting similar statutes. Therefore, even if a company is not serving California customers, it will eventually face comparable privacy codes.
