In the wake of the pandemic, we’ve become more digitally connected, thus more vulnerable. By no stretch of the imagination, data privacy and its impact on consumers are the greatest challenges facing society today. Furthermore, there are issues of security breaches threatening user data.
Morgan Stanely was recently charged with a $60 million fine by the US Treasury Department for failure to secure customer data after shutting off two data centers.
The data security enforcements are expected to increase in the US with the passage of CCPA (California Consumer Privacy Act) and much more worldwide. As a result, consumers and enterprises are asking: What do companies know about me? Are they selling my data? How are they using the information?
The General Data Protection Regulation (GDPR) was introduced back in 2018 to give individuals control over their data. Even though access is not new, access permission is one of the most common requests organizations receive. So, sooner or later, you will have to explore the online privacy laws.
How is the CCPA good for businesses and users?
California is a state of affairs for a few reasons. The fifth-largest economy in the country, most businesses in the world have consumers in the state. CCPA requirements compel organizations to tell users what personal data is gathered about them if not sold to third parties. In addition, the California State privacy law extends beyond California. For instance, if a commerce intent entity collects and leverages the personal data of California residents, it is subject to the CCPA data protection act.
Furthermore, it enforces the choice to opt-out and “right to deletion,” although with a handful of restrictions.
With various technologies promising a customer 360 panacea regularly hitting the market, California privacy law is making a frictionless entry to California legal books. Too often, however, they have repositioned technologies for the hot CX market and needs of today’s regulatory environment. Staying on the right side of CCPA requires companies to user’s interests beyond business. Here’s how you can adjust to the post CCPA landscape beyond the technology solutions:
Determine if your company is put through to the CCPA. For example, companies serving California residents have at least $25 million in annual revenue. Companies of any size that have personal data on over 50,000 entities or collect more than 50% of their revenue from selling personal data should adhere to CCPA compliance.
Companies should work with the general counsel and legal professionals to immediately put a compliance plan and follow CCPA’s recommended requirements and needs.
Learn what works the best for you following the privacy regulations like GDPR, and implement those learnings to streamline California Privacy Rights Act compliance.
Reduce compliance risk and ensure you’re honest about what you do with your customer’s data by revising your online privacy notice. This should reiterate your customer-first approach to business and allow you to maintain more customers in the long run.
The California privacy law is similar to the General Data Protection Regulation (GDPR) for a more heavy-handed approach throughout the EU. While myriad enterprises in various industries have faced smaller sanctions, GDPR levies fines up to$22.34 million.
Current and Future Implications of CCPA
Californians are in the driving seat when it comes to data decisions enabling greater transparency into what personal data businesses collect and its use. The CCPA requirements allow users to question the data collection or mode of devices. In addition, if businesses use personal information with commercial intent, they must share which categories they sell and to whom they sell it.
GDPR CCPA is not a walk in the park. Under GDPR, you must grant their consent before you install cookies on the computer. However, the cookie law applies not only to cookies but to any other type of technology that administers information on a user’s device, i.e., device fingerprinting, unique identifiers, and more.
In layman’s language, cookies are akin to trackers. Moreover, the Cookie Law covers your website or browser environment and technology apps on smartphones, TVs, and other devices.
Trust in consent management platforms continues to play an eminent role in every organization’s perception and, more importantly, reduce risk and build trust with customers by keeping identities secure and private. With the US data privacy laws, businesses are responsible for safeguarding personal information when stored. However, while California privacy law says businesses must implement “reasonable security measures” to safeguard data information, there have been severe breaches of user privacy.
The children’s online privacy protection act (COPPA) imposes certain requirements on users of the website or online services directed to children under 13 years of age. In addition, the CCPA delivers an increase in potential penalties that the California Attorney General can assess against the breaches of California state privacy law.
What happens if you fail to comply with CCPA?
The CCPA data protection act delivers an increase in potential fines and penalties assessed by the California General against businesses that violate California CCPA. The civil penalties can start from $2500 per California right privacy act breach for unintentional non-compliance. For intentional, non-compliance can levy a penalty of $7500 per violation.
The CCPA states that if a company can rehabilitate within 30 days of being notified of the offense, they get off with a warning. However, if the company can’t remedy the situation, they are subject to penalties.
The steps taken by California and other states pursuing their privacy laws have the ultimate goal of providing privacy expectations to all Americans. The demand for regulation of technology companies within the California privacy rights act.
We enter a new era where we have a greater opportunity to secure our private information, and ultimately our digital identities. It’s requisite for technology users to recognize how this new law will impact you and prepare you for more change. Further, the technologists that design and regulate such applications should advocate for development in data.