Few Businesses Are Ready For California’s New Consumer Data Privacy Law

In 2020, one of your New Year's resolution might be to have better control of your digital privacy.  Now in California, it's not just a resolution, it's the law. The problem, though, is that some companies are pushing back against key provisions of this California Consumer Privacy Act California Consumer Privacy Act (CCPA). 

As of January 1, Americans are now finally protected by a comprehensive online privacy law, at least, the nearly 40 million Americans living in California are. But as with Europe’s GDPR, General Data Protection Regulation from 2018, at least some aspects of the CCPA could extend beyond the state.

The California Consumer Privacy Act has been effective since January 1st 2020, and it doesn’t look like anyone, even the state of California itself, is totally ready.  Draft regulations for enforcing the law are still being finalized at the state level, and questions about specific aspects of the most sweeping privacy regulation since GDPR are still not clear. 

The crux of the CCPA is this: if your company buys or sells data on at least 50,000 California residents each year, you have to disclose to those residents what you’re doing with the data, and, they can request you not sell it. Consumers can also request companies bound by the CCPA delete all their personal data. 

Despite the handwringing ahead of its deadline last year, GDPR went as smoothly as could be expected. And Facebook and Google are already facing billion-dollar lawsuits over alleged violations of the GDPR, but it will be years before those suits are closed. 

Until that time, small companies will have only a muddled sense of how they might be vulnerable to the rule, and compliance continues to be something of a puzzle.But the CCPA is likely to be an even greater compliance challenge. It’s the first sweeping legislation in the US to give consumers control over how their personal information is used online, and may signal how other states will seek to protect their residents’ privacy. 

California Attorney General Xavier Becerra has said that even though widespread enforcement of the CCPA isn’t likely until July, companies should not view the first six months of the year as a grace period. “We’re going to try to help folks understand our interpretation of the law,” Becerra said, “And once we’ve done those things, our job is to make sure there’s compliance, so we’ll enforce.”

James Steyer, CEO of children’s privacy advocacy organisation Common Sense, says he thinks most companies are making good-faith efforts to get in compliance with the CCPA.

Microsoft has said that it plans to implement the provisions of the CCPA not just in California, but for all its customers, too. 
Facebook looks to be taking a different approach toward CCPA, emphasizing that “we do not sell people’s data.”  Facebook already has tools to allow users to access and delete their information, wherever they live' although some of its critics 
challenge Facebook’s stance, since,  the company’s business model is based on collecting and monetising its users’ data.

Other commentator question how is a companies can ensure it is deleting the right customer’s data without collecting more information to verify them. Service provider agreements are another area where companies will have to take a close look at their practices; an agreement with a subcontractor or vendor should carefully spell out how any personal information is used or shared.

Most large tech companies, Steyer says, view the CCPA as being in their long-term interests because it will create more trust among consumers. 

“This is a landmark moment, it’s the first major comprehensive privacy legislation passed in the US since Zuckerberg was in kindergarten,” Steyer says. “But Facebook is trying to find ways to get around the law.”

The Verge:          Fast Company:           Varonis:          Techcrunch:        CNet:

You Might Also Read:

On Trend: Business Data Protection Laws:

 

 

« The Invisible Areas Of The World Wide Web
Top 20 Cyber Security Companies At The Start Of 2020 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

eSentire

eSentire

eSentire is the authority in Managed Detection and Response Services, protecting the critical data and applications of organizations from known and unknown cyber threats.

Lares Consulting

Lares Consulting

Lares is a security consulting firm that helps companies secure electronic, physical, intellectual, and financial assets through a unique blend of assessment, testing and coaching.

CyberSift

CyberSift

CyberSift is a cyber security provider. We develop threat detection software which needs no infrastructure changes as it integrates with almost any security tool.

GuardiCore

GuardiCore

GuardiCore is an innovator in internal data center security and breach detection and is transforming security inside data centers and clouds.

Metro Systems

Metro Systems

Metro Systems offer fully integrated IT solutions & services covering Digital Transformation, Digital Infrastructure, Cyber Security and Training.

Corvus Insurance

Corvus Insurance

Corvus' mission is to create a safer, more productive world through technology-enabled commercial insurance.

Cybercrime Support Network (CSN)

Cybercrime Support Network (CSN)

CSN is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime.

Nuspire

Nuspire

Nuspire provide services to protect your network with best-in-class managed detection and response, allowing you to stay focused on managing your business.

NanoLock Security

NanoLock Security

NanoLock delivers the industry’s only end-to-end platform for the IoT and connected devices ecosystem.

KeyXentic

KeyXentic

KeyXentic Inc. is a professional mobile and data security service provider. We are devoted to design convenient and strong security for user’s data protection and privacy without any compromise.

Marlabs

Marlabs

Marlabs is a Digital Technology Solutions company that helps companies adopt digital transformation using a comprehensive framework including Digital Automation, Enterprise Analytics and Security.

LimaCharlie

LimaCharlie

LimaCharlie gives security teams full control over how they manage their security infrastructure. Get full visibility, build what you want, control your data, get the security capabilities you need.

BCyber

BCyber

BCyber is a Swiss Cyber Security company that provides security products, training, and managed services to protect diverse IT and OT environments against cyber, physical, and cyber-physical threats.

Global Market Innovators (GMI)

Global Market Innovators (GMI)

Global Market Innovators (GMI) delivers secure technology solutions to organizations in need.

Athena7

Athena7

Athena7 is a dedicated assessment practice committed to helping organizations understand how their infrastructure, backups, and security controls will withstand the latest threat actor tactics.

MIND

MIND

MIND is the first-ever data security platform that puts data loss prevention and insider risk management programs on autopilot, so you can automatically identify, detect and prevent data leaks.