Few Businesses Are Ready For California’s New Consumer Data Privacy Law

In 2020, one of your New Year's resolution might be to have better control of your digital privacy.  Now in California, it's not just a resolution, it's the law. The problem, though, is that some companies are pushing back against key provisions of this California Consumer Privacy Act California Consumer Privacy Act (CCPA). 

As of January 1, Americans are now finally protected by a comprehensive online privacy law, at least, the nearly 40 million Americans living in California are. But as with Europe’s GDPR, General Data Protection Regulation from 2018, at least some aspects of the CCPA could extend beyond the state.

The California Consumer Privacy Act has been effective since January 1st 2020, and it doesn’t look like anyone, even the state of California itself, is totally ready.  Draft regulations for enforcing the law are still being finalized at the state level, and questions about specific aspects of the most sweeping privacy regulation since GDPR are still not clear. 

The crux of the CCPA is this: if your company buys or sells data on at least 50,000 California residents each year, you have to disclose to those residents what you’re doing with the data, and, they can request you not sell it. Consumers can also request companies bound by the CCPA delete all their personal data. 

Despite the handwringing ahead of its deadline last year, GDPR went as smoothly as could be expected. And Facebook and Google are already facing billion-dollar lawsuits over alleged violations of the GDPR, but it will be years before those suits are closed. 

Until that time, small companies will have only a muddled sense of how they might be vulnerable to the rule, and compliance continues to be something of a puzzle.But the CCPA is likely to be an even greater compliance challenge. It’s the first sweeping legislation in the US to give consumers control over how their personal information is used online, and may signal how other states will seek to protect their residents’ privacy. 

California Attorney General Xavier Becerra has said that even though widespread enforcement of the CCPA isn’t likely until July, companies should not view the first six months of the year as a grace period. “We’re going to try to help folks understand our interpretation of the law,” Becerra said, “And once we’ve done those things, our job is to make sure there’s compliance, so we’ll enforce.”

James Steyer, CEO of children’s privacy advocacy organisation Common Sense, says he thinks most companies are making good-faith efforts to get in compliance with the CCPA.

Microsoft has said that it plans to implement the provisions of the CCPA not just in California, but for all its customers, too. 
Facebook looks to be taking a different approach toward CCPA, emphasizing that “we do not sell people’s data.”  Facebook already has tools to allow users to access and delete their information, wherever they live' although some of its critics 
challenge Facebook’s stance, since,  the company’s business model is based on collecting and monetising its users’ data.

Other commentator question how is a companies can ensure it is deleting the right customer’s data without collecting more information to verify them. Service provider agreements are another area where companies will have to take a close look at their practices; an agreement with a subcontractor or vendor should carefully spell out how any personal information is used or shared.

Most large tech companies, Steyer says, view the CCPA as being in their long-term interests because it will create more trust among consumers. 

“This is a landmark moment, it’s the first major comprehensive privacy legislation passed in the US since Zuckerberg was in kindergarten,” Steyer says. “But Facebook is trying to find ways to get around the law.”

The Verge:          Fast Company:           Varonis:          Techcrunch:        CNet:

You Might Also Read:

On Trend: Business Data Protection Laws:

 

 

« The Invisible Areas Of The World Wide Web
Top 20 Cyber Security Companies At The Start Of 2020 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MixMode

MixMode

MixMode's PacketSled platform delivers network monitoring, deep forensic analysis and incident response.

HackCon Norway

HackCon Norway

HackCon is for the people who are interested in technology, psychology, IT and security, and who wants to improve their knowledge within these areas.

Auxilium Cyber Security

Auxilium Cyber Security

Auxilium Cyber Security is independent information security consultancy company.

Pareteum

Pareteum

Pareteum is a leading Global provider of mobile networking software and services. Our mission is to provide a single solution to the problem of fully enabling and securing the Mobile Cloud.

Renesas Electronics

Renesas Electronics

Renesas Electronics delivers trusted embedded design innovation with solutions that enable billions of connected, intelligent devices to enhance the way people work and live - securely and safely.

Banshie

Banshie

Banshie is an independent cyber security company with a small team of recognized specialist that are among the best in their field.

BlackScore

BlackScore

BlackScore is a technology company seeking to disrupt risk assessment using AI-driven technology.

HMS Networks

HMS Networks

HMS stands for Hardware meets Software. Our technology enables industrial hardware to communicate and share information with software and systems.

European Center for CyberSecurity in Aviation (ECCSA)

European Center for CyberSecurity in Aviation (ECCSA)

ECCSA is a cooperative partnership within the aviation community to better understand emerging cybersecurity risks in aviation and provide collective support in dealing with cybersecurity incidents.

Imageware

Imageware

Imageware is a leader in biometric cybersecurity. Protect against costly, damaging ransomware hacks by employing biometric cybersecurity solutions.

Psybersafe

Psybersafe

Psybersafe is a hands-on, behaviour-changing training system that keeps your people and your business cyber safe.

Critical Insight

Critical Insight

Critical Insight provide Managed Detection and Response, Vulnerability Detection, and Cyber Security Consulting Services to help you secure your mission-critical systems.

Cyware

Cyware

Cyware is the only company building Virtual Cyber Fusion Centers enabling end-to-end threat intelligence automation, sharing, and unprecedented threat response for organizations globally.

Questex Asia Total Security Conference

Questex Asia Total Security Conference

Questex Asia’s Total Security Conferences is one of the industry’s most prestigious and engaging forums for the region's top information security leaders and business decision-makers.

NANO Corp

NANO Corp

At NANO Corp, we keep your network visible, understandable, operational and secure with state-of-the-art technology.

Coalition for Secure AI (CoSAI)

Coalition for Secure AI (CoSAI)

CoSAI is an open ecosystem of AI and security experts from industry leading organizations dedicated to sharing best practices for secure AI deployment and collaborating on AI security research.