It’s the Most Wonderful Time of the Year!
What’s it time for? New legislature.
On the heels of the General Data Protection Regulation (GDPR) enactment in the European Union it’s not surprising that other governments would follow suit.
The first such law in the US is the California Consumer Privacy Act (CCPA) and is similar in the intent to provide privacy rights and consumer protection for the residents of California. Basically:
- Know what personal data is being collected about them
- Know if that personal data is sold, or disclosed and to whom
- Deny the sale of their personal data
- Have access to their personal data that you have
- Request deletion of their personal data
So, it’s stateside! And as most companies do business with residents of California, it’s something you need to be responsible and accountable for as a business.
Companies that have any one of the following:
- Have a gross revenue or $25 million dollars
- Possess the personal information of 50,000 or more consumers, households, or devices
- Earn more than 50% of their annual revenue selling consumers personal data
Happy New Year! CCPA went into effect January 1, 2020…Time is up!
Why should you care?
Well, there’s fines. Consumers and their attorneys can bring legal action for damages ranging from $100 to $750 per violation. That may not seem like a lot, however companies should be aware of the potential for class-action suits, which will most likely cause those amounts to increase greatly.
There is also a steep cost to your company’s reputation if you have a major breach or do not disclose how you’re using clients’ data.
And honestly, it makes you a good Corporate Citizen, showing you care about your clients’ information, privacy, and their trust in your organization.
What to do?
Take this seriously and have a plan. This isn’t something for one department. This involves at LEAST legal, marketing, and technology teams.
Check the data that you store, why you store it, and validate if you even need it. Don’t hold onto data you don’t need and please destroy it properly.
If you do find that you store personal data, be very clear why you need it, what you will do with it, and how long you will keep it. And please use all the latest in security and encryption to store your data. You do want to be able to sleep at night.
Have someone in your organization start putting a Data Protection and Compliancy plan together and designate someone or a team as point of contact should your clients have questions about the data you store for them. Don’t just say you care about protecting your clients and their data, really do it and champion it within your organization.
There are a lot of tools out there…let us know how we can help!