What that new California Consumer Privacy Law means for your company - Technical.ly Delaware

Business

Aug. 2, 2019 5:32 pm

What that new California Consumer Privacy Law means for your company

Ready or not, the CCPA is coming, bringing with it a potential host of headaches for tech companies and consumers across the country.

Always an important topic.

(Photo by Flickr user GotCredit, used under a Creative Commons license)

Ready or not, the California Consumer Privacy Act (CCPA) is coming, bringing with it a potential host of headaches for tech companies and consumers.

California passed the legislation — AB 375 — in June 2018. And while the law does not have some of the onerous requirements of the European Union’s General Data Protection Regulation (GDPR) which went into effect this past spring, experts note that in other respects it goes much farther.

The law, which goes into effect on January 1, 2020, covers many aspects of digital data privacy, including the right to know all of the data that businesses collect about you, the right to veto the sale of that information to third parties, the right to sue companies that collect your data and then suffer a security breach, and the right to delete any data you have posted.

Additionally, the law bars discrimination against consumers who decline to sell their data as well as includes the right for customers to know what categories of data will be collected prior to their collection, and to be apprised of any changes; mandatory opt-out; ad the right to know with whom the data is shared, among other stipulations.

So which companies are affected? All companies that serve California residents and have $25 million in annual revenue. Additionally, companies that have personal data on at least 50,000 people or that collect more than half of their revenue from the sale of personal data are also subject to the law.

Companies don’t have to be based in California or even have a physical presence there to fall under the law. They don’t even have to be based in the U.S.

What’s more, companies had to have their tracking systems in place by January 2019 since the law gives consumers that right to access all the data a company has collected on them during the previous 12 months. That’s a very tight timeframe.

The new law was discussed during a panel discussion at CompassRed Data Labs in Wilmington last week. “The Coming Wave of Consumer Privacy from GDPR to the Future” featured insights from three experts: William R. Denny, Esq., of Potter Anderson Corroon, LLP; Matthew Schneider, assistant professor of business analytics at Drexel University’s LeBow College of Business; and Pat Strickler, head of the analytics practice at CompassRed.

Advertisement

“It’s really interesting to see how ill-prepared a lot of businesses are for this coming wave of regulation,” said Strickler.

That’s not surprising when you consider that the CCPA takes a broader approach to what it considers “sensitive data” than the GDPR, said Schneider. For example, sensory information is covered, as is browsing history and an individual’s interaction with a particular app or website.

Pulling together that data, which is contained in multiple storage platforms, will also present a challenge, said Strickler.

The CCPA does not require businesses to report breaches and consumers must file complaints before fines can be levied. Strickler noted that the best course of action companies can take in terms of security is to know what constitutes privacy data under CCPA and take steps to secure it. In general, any company that is in compliance with the GDPR need not take further action under the CCPA in terms of securing data, he said.

The bill, which was cobbled together in seven days, contains many inconsistencies and that will invite a bumper crop of lawsuits, said Denny.

“The California attorney general will not have the time or bandwidth to track any infractions,” he said. “But all it will take is for an enterprising lawyer to find one or two individuals and that can result in a class action lawsuit. At that rate, the costs to a company can quickly mount”

Experts agreed that state-level momentum for privacy laws is at an all-time high.

“There have been eight CCPA-like laws introduced in state legislatures,” said Denny. “New York’s law came within a hair’s width of passing. Everybody wants privacy legislation but no one can agree on what it should look like.”

Companies: CompassRed
-30-
JOIN THE COMMUNITY, BECOME A MEMBER
Already a member? Sign in here
Connect with companies from the Technical.ly community
New call-to-action

Advertisement

Instagram roundup: Zap World Champs of Skimboarding returns to Dewey

Is Wilmington ready to build relationships with its houseless community?

Do you understand the Freedom of Information Act?

SPONSORED

Delaware

Verizon is looking for the brightest ideas on how to use its 5G technology

New Castle

Wilmington University

Web Developer (Full-Time)

Apply Now
Philadelphia OR Baltimore

Technically Media

Technical.ly Editorial Intern (Fall 2019)

Apply Now
Delaware

Young Conaway

Entry-Level Corporate Legal Administrative Assistant

Apply Now

Escape the August heat with cool AI tech

Highlights from #MILLSUMMIT’s leadership-focused first day

Super Meetup Delaware 2019 was really super

SPONSORED

Delaware

Escape the August heat with cool AI tech

Delaware

Tech Solutions Inc

NOC (Network Operations Center) Technician

Apply Now
Wilmington

BlackRock

Analyst, Recruiting Coordinator

Apply Now
Malvern, PA

Vanguard

Senior Front End Engineer – CX Journey Lab

Apply Now

Sign-up for daily news updates from Technical.ly Delaware

Do NOT follow this link or you will be banned from the site!