What that new California Consumer Privacy Law means for your company - Technical.ly Delaware

Business

Aug. 2, 2019 5:32 pm

What that new California Consumer Privacy Law means for your company

Ready or not, the CCPA is coming, bringing with it a potential host of headaches for tech companies and consumers across the country.
Always an important topic.

Always an important topic.

(Photo by Flickr user GotCredit, used under a Creative Commons license)

Ready or not, the California Consumer Privacy Act (CCPA) is coming, bringing with it a potential host of headaches for tech companies and consumers.

California passed the legislation — AB 375 — in June 2018. And while the law does not have some of the onerous requirements of the European Union’s General Data Protection Regulation (GDPR) which went into effect this past spring, experts note that in other respects it goes much farther.

The law, which goes into effect on January 1, 2020, covers many aspects of digital data privacy, including the right to know all of the data that businesses collect about you, the right to veto the sale of that information to third parties, the right to sue companies that collect your data and then suffer a security breach, and the right to delete any data you have posted.

Additionally, the law bars discrimination against consumers who decline to sell their data as well as includes the right for customers to know what categories of data will be collected prior to their collection, and to be apprised of any changes; mandatory opt-out; ad the right to know with whom the data is shared, among other stipulations.

So which companies are affected? All companies that serve California residents and have $25 million in annual revenue. Additionally, companies that have personal data on at least 50,000 people or that collect more than half of their revenue from the sale of personal data are also subject to the law.

Companies don’t have to be based in California or even have a physical presence there to fall under the law. They don’t even have to be based in the U.S.

What’s more, companies had to have their tracking systems in place by January 2019 since the law gives consumers that right to access all the data a company has collected on them during the previous 12 months. That’s a very tight timeframe.

The new law was discussed during a panel discussion at CompassRed Data Labs in Wilmington last week. “The Coming Wave of Consumer Privacy from GDPR to the Future” featured insights from three experts: William R. Denny, Esq., of Potter Anderson Corroon, LLP; Matthew Schneider, assistant professor of business analytics at Drexel University’s LeBow College of Business; and Pat Strickler, head of the analytics practice at CompassRed.

Advertisement

“It’s really interesting to see how ill-prepared a lot of businesses are for this coming wave of regulation,” said Strickler.

That’s not surprising when you consider that the CCPA takes a broader approach to what it considers “sensitive data” than the GDPR, said Schneider. For example, sensory information is covered, as is browsing history and an individual’s interaction with a particular app or website.

Pulling together that data, which is contained in multiple storage platforms, will also present a challenge, said Strickler.

The CCPA does not require businesses to report breaches and consumers must file complaints before fines can be levied. Strickler noted that the best course of action companies can take in terms of security is to know what constitutes privacy data under CCPA and take steps to secure it. In general, any company that is in compliance with the GDPR need not take further action under the CCPA in terms of securing data, he said.

The bill, which was cobbled together in seven days, contains many inconsistencies and that will invite a bumper crop of lawsuits, said Denny.

“The California attorney general will not have the time or bandwidth to track any infractions,” he said. “But all it will take is for an enterprising lawyer to find one or two individuals and that can result in a class action lawsuit. At that rate, the costs to a company can quickly mount”

Experts agreed that state-level momentum for privacy laws is at an all-time high.

“There have been eight CCPA-like laws introduced in state legislatures,” said Denny. “New York’s law came within a hair’s width of passing. Everybody wants privacy legislation but no one can agree on what it should look like.”

Companies: CompassRed
-30-
CONTRIBUTE TO THE
JOURNALISM FUND

Already a contributor? Sign in here
Connect with companies from the Technical.ly community
New call-to-action

Advertisement

Delaware tech groups eye Meetup alternatives after proposed RSVP fee

‘Stop asking for permission’ and other advice from women making a difference

Swim with the Sharks finalists to compete on Nov. 1

SPONSORED

Delaware

These hiring companies want to meet you at NET/WORK Suburbs

Philadelphia OR Baltimore

Technically Media

Technical.ly Editorial Intern (Spring 2019)

Apply Now

Horsham

Penn Mutual Life Insurance Co

Product Systems Specialist

Apply Now

Philadelphia, PA

Vistar Media

QA Engineer

Apply Now

The next ‘Conversations with Women’ panel aligns with African American art exhibition

Learn to unite nonprofits and businesses at this Oct. 15 panel

Why NET/WORK Suburbs?

SPONSORED

Delaware

Mastering the ‘halo effect’ in tech recruiting

Philadelphia

Vistar Media

Sr. Software Engineer

Apply Now

Philadelphia

Vistar Media

Front End Engineer

Apply Now

Malvern, PA

Vanguard

Full Stack Software Engineer – SRE

Apply Now

Sign-up for daily news updates from Technical.ly Delaware

Do NOT follow this link or you will be banned from the site!