The California Consumer Privacy Act (CCPA) was enacted in January of 2020 to protect the personal information of California residents. In early March of 2020, the California Office of the Attorney General released a set of proposed revisions to the CCPA draft that would alter the regulations. Beginning July 1, the Attorney General’s office will be enforcing the regulations with penalties, which is more authoritative than when consumers were bringing private rights of action. With this new enforcement, businesses need to actively prepare their systems to comply with the data protection laws.
Public Provides Changes to the CCPA Laws
The California Attorney General submitted the final text of the CCPA to the California Office of Administrative Law (OAL) on June 1 after taking into consideration comments from the public. In the original version, businesses had to notify a consumer when their personal data was being collected, how it was used, and who it was sold to.
Consumers could also request to have their data removed from a business or third party who received the information in a sale. The final main point was for a “do not sell my information” button to be on the homepage of businesses. After public commenting, the Attorney General’s office created a new draft of the law that included the following changes:
Finding Tarnished Businesses in the Golden State
Starting next month, the Attorney General of the state may enforce consequences of violating the CCPA laws after a 30-day notice. These consequences include penalties of up to $2,500 per violation or up to $7,500 per intentional violation. Companies are required to provide residents of the state with a copy of any personal data they have and prove they are reasonably protecting that information.
Individuals may file a class action lawsuit or the Attorney General can bring action against the company if the data is not properly secured. This means a business with several databases-worth of information must now secure it to avoid a potential penalty. The more data a company has, the harder it is to secure it all and many businesses have not had to deal with regulation like this before.
Getting Down to the Business of Data Protection
The first step in protecting data is to locate where it lives and determine what files are considered to be “personal information.” Some actions businesses should take to prepare for data protection requests include:
SecureData is committed to data security and offers a variety of products and services to maintain GDPR and HIPAA compliance. Our hardware encrypted storage devices prevent unauthorized parties from accessing the data and are FIPS 140-2 Level 3 Validated for total security. Corporations can implement these devices into their existing operations and will successfully protect data as they transition to following these new standards. To learn more about our line of storage products or our other data security services, call 1-800-388-1266.