Thestrongest set of data protection rules to date ' GDPR ' came into effect acrossthe European Union on May 25, 2018. The intent was to modernize laws protectingthe private information of individuals. But what the General Data ProtectionRegulation (GDPR) really did was pave the way for the implementation of similarregulations in other parts of the world.
In 2018,Vermont enacted the first state law mandating the registration of data brokers.Another U.S. state ' Ohio ' then made headlines with the first cybersecuritysafe harbor law. Within the same timeframe, the breach notification statute inColorado was amended to include a data deletion/disposal provision, whileMassachusetts and other states also enacted breach notification statutes.
Amidst allof these developments, Governor Jerry Brown of California passed the CCPA billon 28 June, 2018. The bill seeks to improve consumer protection and privacyrights for Golden State residents.
And thismakes sense considering that the innovative California ranks first inthe U.S. in net tech developments and net tech employment jobs added. Californiais also the home of Silicon Valley and its inventions, accounting for almost 19percent of the state's overall economic growth.
With anenforcement date of January 1, 2020, the CCPA ' despite several amendments 'will possibly end up being the toughest privacy regulation in the U.S.,one-upping the GDPR. Nearly every company that does business in California orhandles its citizens' personal data will feel the impact.
Anyhousehold or resident of California who can be reasonably identified, even witha unique identifier, is covered by the California Consumer Protection Act. TheCCPA allows California consumers to exercise a new set of rights.
The California Consumer Protection Act, althoughcontroversial, presents a unique opportunity for organizations to level-up onprivacy best practices.
If you arestill unaware of the effects of the CCPA on your business, it's time to get theball rolling. Otherwise, you might inadvertently attract a hefty fine. So, ifyou're currently involved in handling personally identifiable information (PII)of California residents, you need to change how you operate.
Yourcompany must now either adhere to the new standards for consumer datacollection outlined by the regulation or prepare for the consequences if youfail to safeguard this data.
Accordingto the CCPA, 'businesses' are for-profit entities that gather personal data fromconsumers ' in this case, residents of California ' and meet at least one ofthe following criteria:
If youdetermine that your business meets any of these criteria and is processingpersonal information derived from California consumers, you need to work onCCPA compliance.
Yourbusiness is not covered by CCPA regulations if:
Yourbusiness is exempt from CCPA laws until 2021 if personal details are collectedfrom employees, directors, staff, officers, owners, contractors, and jobapplicants in your company. However, right-to-know notification for employeeswill be required in some cases.
The billrequires businesses to submit reasonable verification of consumers in responseto their CCPA requests. Consumers must use their existing accounts to makeconsumer requests. Your business, however, cannot ask a consumer to create anaccount just for the sake of making the request.
Also,personal details of employees, officers, contractors, directors, and ownerscollected through business-to-business transactions or communications or duediligence will not fall under the purview of the CCPA. Vehicle manufacturersand dealers also have a right to share or retain vehicle details and ownershipinformation for recall or warranty-related repairs.
However,both of these caveats indicate amendments to the CCPA that have already passedstate legislature but have yet to be signed into law by California GovernorGavin Newsom.
Once theamendments are signed, they'll give employers time till 1 Jan 2021 to becomecompliant with CCPA, and will give the legislature more time to decide whetherthey want to keep employee records out of the purview of CCPA.
TheCalifornia legislature has since passed three other amendments to this billwhich require Governor Newsom's signature by October 13, 2019.
Atpresent, your business must have two or more designated contact numbers forconsumers to make requests under CCPA law, including an online website addressand a toll-free number. This amendment seeks to change the requirement ofhaving a toll-free number if your business operates exclusively online and hasa direct relationship with the consumer. In such cases, you only have toprovide an email address for consumers through which they can submit requests.
This amendmentwill remove confusing jargon from the current CCPA regulations about whatconstitutes publicly available information as well as remove languageconcerning the purpose of the data in federal records.
Thisamendment requires the California Attorney General to create a publiclyavailable data broker registry online, a provision which seeks to addtransparency for consumers so they can understand how your business utilizestheir data and who is accessing it.
We only have a few months leftbefore the CCPA comes into effect, so you should quickly determine whether ornot your organization will have to adhere to the new regulations. However, keepin mind that the positive effects of compliance with the CCPA on yourbusiness's marketing programs and efforts to generate consumer trust will bemore impactful than the associated penalties.
We take privacy seriously. While we promise not to sell your personal data, we may send product and company updates periodically. You can opt-out or make changes to our communication updates at any time.