Preparing for California’s New Privacy Law

Laura BednarCybersecurityLeave a Comment

California Consumer Privacy Act 2020

California’s new privacy law, the California Consumer Privacy Act (CCPA is now in effect. It is similar to other laws passed in foreign nations, most notably Europe’s General Data Protection Regulation (GDPR), as well as laws in other American states like Alabama, Iowa, Colorado, and Oregon. Prior to these laws, companies could gather personal information and consumer purchase data without consumers’ consent or knowledge.

The big push for tighter online privacy regulation has been driven in large part by the rise of smartphones and voice assistants. These technologies can gather extensive private information in ways that aren’t at all obvious to consumers. In addition, the news media are constantly reporting high-profile data breaches at major retailers and tech firms. In this environment, legislators have come under increasing pressure to give consumers more privacy, security, and control over their data.

Laying Down the Laws

The various data privacy laws differ in many important details, but they all share certain common features. All include protections for transparency, accountability, and consumer consent, and provide enforcement provisions typically resulting in hefty fines.

  • Transparency means that consumers can easily learn whether their data is being processed, and can request that it be changed or deleted.
  • Accountability consists of organizations thoroughly documenting their compliance with the laws and notifying the relevant authorities in the event of a breach.
  • Consent is to be mandatory. Organizations must not only gain explicit consent from consumers to gather information, they must carefully document and review it.
  • Enforcement makes companies liable for stiff fines, sometimes as much as 4% of their revenue.

While the details, again, vary from law to law, the bottom line is that consumers must be easily able to control their personal data.

Complying with CCPA

The spate of new laws has to some extent burdened companies who are used to leveraging personal data for targeted advertising. While many companies are already mobilizing to comply with the GDPR, and will be able to apply many of those measures and practical lessons to CCPA compliance, there are still a number of serious problems they must overcome.

For one thing, under CCPA, companies must make opt-out clearly available to consumers through a button or link on a website. The GDPR doesn’t require companies to gain customer consent to collect and use data, only to provide data to customers on request. In addition, the GDPR only applies to information that can be used to identify the customer, while the CCPA applies to information about the customer and his or her household. Businesses must keep track of this information in an organized way.

Both laws provide for data portability for consumers when technically possible, but differ heavily on the details. Under the CCPA, companies have about a month and a half to comply with a consumer request, whereas under the GDPR they have just the month. The CCPA allows consumers to demand data regardless of reason, while the GDPR specifies the criteria under which a consumer may make such a request.

Prepare for Any Digital Advancement

Overall, businesses will have to change their mindset and daily operations when it comes to data collection. The CCPA is only one of several data protection laws that already exist and others will soon come into effect. Keeping track of consumer information in a secure way and allowing for opt-outs in a simple manner are some of the main points to follow for those abiding by the CCPA.

Secure Data protects consumer privacy in every aspect of our operations. Our data recovery facilities are audited by a third party to ensure we meet industry standards. We go a step further to protect data even after it leaves our lab with our hardware encrypted and GDPR compliant SecureDrive products. No matter the advancements in data protection, Secure Data keeps up with the times to provide you with excellent service. Call 1-800-388-1266 to learn more about our secure practices.