Few Businesses Are Ready For California’s New Consumer Data Privacy Law

In 2020, one of your New Year's resolution might be to have better control of your digital privacy.  Now in California, it's not just a resolution, it's the law. The problem, though, is that some companies are pushing back against key provisions of this California Consumer Privacy Act California Consumer Privacy Act (CCPA). 

As of January 1, Americans are now finally protected by a comprehensive online privacy law, at least, the nearly 40 million Americans living in California are. But as with Europe’s GDPR, General Data Protection Regulation from 2018, at least some aspects of the CCPA could extend beyond the state.

The California Consumer Privacy Act has been effective since January 1st 2020, and it doesn’t look like anyone, even the state of California itself, is totally ready.  Draft regulations for enforcing the law are still being finalized at the state level, and questions about specific aspects of the most sweeping privacy regulation since GDPR are still not clear. 

The crux of the CCPA is this: if your company buys or sells data on at least 50,000 California residents each year, you have to disclose to those residents what you’re doing with the data, and, they can request you not sell it. Consumers can also request companies bound by the CCPA delete all their personal data. 

Despite the handwringing ahead of its deadline last year, GDPR went as smoothly as could be expected. And Facebook and Google are already facing billion-dollar lawsuits over alleged violations of the GDPR, but it will be years before those suits are closed. 

Until that time, small companies will have only a muddled sense of how they might be vulnerable to the rule, and compliance continues to be something of a puzzle.But the CCPA is likely to be an even greater compliance challenge. It’s the first sweeping legislation in the US to give consumers control over how their personal information is used online, and may signal how other states will seek to protect their residents’ privacy. 

California Attorney General Xavier Becerra has said that even though widespread enforcement of the CCPA isn’t likely until July, companies should not view the first six months of the year as a grace period. “We’re going to try to help folks understand our interpretation of the law,” Becerra said, “And once we’ve done those things, our job is to make sure there’s compliance, so we’ll enforce.”

James Steyer, CEO of children’s privacy advocacy organisation Common Sense, says he thinks most companies are making good-faith efforts to get in compliance with the CCPA.

Microsoft has said that it plans to implement the provisions of the CCPA not just in California, but for all its customers, too. 
Facebook looks to be taking a different approach toward CCPA, emphasizing that “we do not sell people’s data.”  Facebook already has tools to allow users to access and delete their information, wherever they live' although some of its critics 
challenge Facebook’s stance, since,  the company’s business model is based on collecting and monetising its users’ data.

Other commentator question how is a companies can ensure it is deleting the right customer’s data without collecting more information to verify them. Service provider agreements are another area where companies will have to take a close look at their practices; an agreement with a subcontractor or vendor should carefully spell out how any personal information is used or shared.

Most large tech companies, Steyer says, view the CCPA as being in their long-term interests because it will create more trust among consumers. 

“This is a landmark moment, it’s the first major comprehensive privacy legislation passed in the US since Zuckerberg was in kindergarten,” Steyer says. “But Facebook is trying to find ways to get around the law.”

The Verge:          Fast Company:           Varonis:          Techcrunch:        CNet:

You Might Also Read:

On Trend: Business Data Protection Laws:

 

 

« The Invisible Areas Of The World Wide Web
Top 20 Cyber Security Companies At The Start Of 2020 »

Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

WEBINAR: Shifting Your Network Security Architecture To The Cloud

WEBINAR: Shifting Your Network Security Architecture To The Cloud

Thursday, July 8, 2021 - In this webinar, SANS and AWS Marketplace will discuss how to adapt network security architecture and control implementation to a cloud-based model.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Professional Information Security Association (PISA)

Professional Information Security Association (PISA)

PISA is an independent and not-for-profit organization for information security professionals, with the primary objective of promoting information security awareness and best practice.

Dataguise

Dataguise

Dataguise provides a data-centric security solution to detect, protect, and monitor sensitive data in real time across all data repositories, both on premises and in the cloud.

Sentia

Sentia

Sentia is an IT and infrastructure firm, with focus on Outsourcing, IT operation and management, Hosting, Co-location, Network, and IT security.

RedSeal

RedSeal

RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events.

Oneconsult

Oneconsult

Oneconsult provides cyber security services focusing on penetration tests / ethical hacking, ISO 27001 security audits and incident response & IT forensics.

DynaRisk

DynaRisk

DynaRisk helps companies protect their staff, clients and supply chain from cyber threats by enabling people to take action for themselves.

aDolus

aDolus

aDolus delivers a robust solution for safeguarding against counterfeit or malicious software and firmware in mission-critical systems.

Datenschutz Schmidt

Datenschutz Schmidt

Datenschutz Schmidt is a service provider with many years of experience, we support you in complying with numerous data protection guidelines, requirements and laws.