Few Businesses Are Ready For California’s New Consumer Data Privacy Law

In 2020, one of your New Year's resolution might be to have better control of your digital privacy.  Now in California, it's not just a resolution, it's the law. The problem, though, is that some companies are pushing back against key provisions of this California Consumer Privacy Act California Consumer Privacy Act (CCPA). 

As of January 1, Americans are now finally protected by a comprehensive online privacy law, at least, the nearly 40 million Americans living in California are. But as with Europe’s GDPR, General Data Protection Regulation from 2018, at least some aspects of the CCPA could extend beyond the state.

The California Consumer Privacy Act has been effective since January 1st 2020, and it doesn’t look like anyone, even the state of California itself, is totally ready.  Draft regulations for enforcing the law are still being finalized at the state level, and questions about specific aspects of the most sweeping privacy regulation since GDPR are still not clear. 

The crux of the CCPA is this: if your company buys or sells data on at least 50,000 California residents each year, you have to disclose to those residents what you’re doing with the data, and, they can request you not sell it. Consumers can also request companies bound by the CCPA delete all their personal data. 

Despite the handwringing ahead of its deadline last year, GDPR went as smoothly as could be expected. And Facebook and Google are already facing billion-dollar lawsuits over alleged violations of the GDPR, but it will be years before those suits are closed. 

Until that time, small companies will have only a muddled sense of how they might be vulnerable to the rule, and compliance continues to be something of a puzzle.But the CCPA is likely to be an even greater compliance challenge. It’s the first sweeping legislation in the US to give consumers control over how their personal information is used online, and may signal how other states will seek to protect their residents’ privacy. 

California Attorney General Xavier Becerra has said that even though widespread enforcement of the CCPA isn’t likely until July, companies should not view the first six months of the year as a grace period. “We’re going to try to help folks understand our interpretation of the law,” Becerra said, “And once we’ve done those things, our job is to make sure there’s compliance, so we’ll enforce.”

James Steyer, CEO of children’s privacy advocacy organisation Common Sense, says he thinks most companies are making good-faith efforts to get in compliance with the CCPA.

Microsoft has said that it plans to implement the provisions of the CCPA not just in California, but for all its customers, too. 
Facebook looks to be taking a different approach toward CCPA, emphasizing that “we do not sell people’s data.”  Facebook already has tools to allow users to access and delete their information, wherever they live' although some of its critics 
challenge Facebook’s stance, since,  the company’s business model is based on collecting and monetising its users’ data.

Other commentator question how is a companies can ensure it is deleting the right customer’s data without collecting more information to verify them. Service provider agreements are another area where companies will have to take a close look at their practices; an agreement with a subcontractor or vendor should carefully spell out how any personal information is used or shared.

Most large tech companies, Steyer says, view the CCPA as being in their long-term interests because it will create more trust among consumers. 

“This is a landmark moment, it’s the first major comprehensive privacy legislation passed in the US since Zuckerberg was in kindergarten,” Steyer says. “But Facebook is trying to find ways to get around the law.”

The Verge:          Fast Company:           Varonis:          Techcrunch:        CNet:

You Might Also Read:

On Trend: Business Data Protection Laws:

 

 

« The Invisible Areas Of The World Wide Web
Top 20 Cyber Security Companies At The Start Of 2020 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: 2024 and beyond: Top six cloud security trends

ON-DEMAND WEBINAR: 2024 and beyond: Top six cloud security trends

Learn about the top cloud security trends in 2024 and beyond, along with solutions and controls you can implement as part of your security strategy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Messageware

Messageware

Messageware is the market leader in securing, enhancing, and customizing Microsoft Exchange and Outlook Web App.

STMicroelectronics

STMicroelectronics

ST is a global semiconductor leader delivering intelligent and energy-efficient products and solutions that power the electronics at the heart of everyday life.

Information Network Security Agency (INSA) - Ethiopia

Information Network Security Agency (INSA) - Ethiopia

INSA's vision is to realize a globally competent National Cyber capability which plays a key role in protecting the national interests of Ethiopia.

Six Degrees Group

Six Degrees Group

Six Degrees is a specialist managed IT services organisation offering a range of solutions including Managed Security Services.

Recruit.net

Recruit.net

Recruit.net allows job seekers to instantly find millions of jobs from thousands of web sites with a single search.

Datplan

Datplan

Datplan offers a software solution that gives an overview of 8 key cyber risk areas, their threats, and risk management steps.

Cyber Security Courses

Cyber Security Courses

Cyber Security Courses was formed to help students in the UK find cyber security courses online.

InfoLock

InfoLock

Infolock are experts in data governance, providing consulting and advisory services that help organizations effectively secure, manage, and optimize their data.

LogicHub

LogicHub

LogicHub is built on the principle that every decision process for threat detection and response can and should be automated.

usecure

usecure

usecure is a global provider of computer-based cyber security awareness training, offering the market’s most time-efficient, cost-effective and admin-lite solution for reducing insider threats.

Dashlane

Dashlane

Dashlane puts all your passwords, payments, and personal info in one place that only you control. So you can use them instantly. Securely. Exactly when you need them.

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command is responsible for Navy information network operations, offensive and defensive cyberspace operations, space operations and signals intelligence.

US Coast Guard Cyber Command

US Coast Guard Cyber Command

US Coast Guard Cyber Command’s focus is to ensure the security of our cyberspace, maintain superiority over our adversaries,and safeguard our Nation’s critical maritime infrastructure.

J.S. Held

J.S. Held

J.S. Held is a global consulting firm providing technical, scientific, and financial expertise across all assets and value at risk.

Smarsh

Smarsh

Smarsh products are designed for user-friendly, efficient compliance. From archiving, supervision, and discovery to cybersecurity – Smarsh has you covered.

Token Security

Token Security

Token is the new approach designed for the identity boom era. Introducing Machine-First Identity Security.