In our data-fueled world, we’re seeing a record-breaking number of breaches. Take, for example, Facebook’s 2018 breach of nearly 50 million accounts. In 2019, the social media company made news again, when more than 540 million user records were exposed on Amazon cloud servers.
Unfortunately, data exploitation is not isolated to specific industries. For example, hackers gained access to sensitive information of 106 million Capital One customers across the United States and Canada. And Equifax encountered a breach, where the personal information of 147 million Americans was compromised.
Set to take effect January 1, 2020, with enforcement beginning July 1, 2020, the California Consumer Privacy Act (CCPA) is designed to give California residents more control over their personal information.
Giving consumers power over their data
A recent Pew Research Center study found that nearly half (49%) of Americans believe their personal information is less secure than it was a mere five years ago. With consumers increasingly doubtful that companies are taking adequate measures, the CCPA will enable individuals to take a more active role in monitoring and protecting their personal information. Although the regulation consists of complex data safeguards, consumer rights can be grouped into five high-level categories:
- Businesses must inform consumers of their intent to collect personal information.
- Consumers have the right to know what personal information a company has collected, where the data came from, how it will be used, and with whom it’s shared.
- Consumers have the right to prevent businesses from selling their personal information to third parties.
- Consumers can request businesses to remove personal information the business has on them.
- Businesses are prohibited from charging consumers different prices or refusing service, even if the consumer exercised their privacy rights.
What can Californians expect the morning of January 1, 2020? Many say our experience will mirror that of the European Union (EU). Last year the EU put into effect the General Data Protection Regulation (GDPR)—a data protection and privacy regulation for EU citizens. On the morning it went into effect, individuals awoke to a flood of GDPR notifications in their email boxes.
The clock is ticking . . . will you be in compliance?
With its comprehensive information privacy requirements and extensive reach, businesses need to take a hard look at their personal data-governance capabilities and processes. And for many, CCPA compliance will require them to make sweeping changes.
According to a 2018 PwC survey, 64% of businesses had not yet started to prepare for CCPA regulations. Only 52% of respondents expected to be compliant by 2020, and expected compliance by the January 1st deadline varies by industry:
- Financial services: 58%
- Telecommunications, media, and technology: 56%
- Health sector: 47%
- Retail and consumer: 46%
- Industrial products: 44%
- Other: 61%
Have you put off starting your compliance journey? Have you begun the process, but find yourself challenged by the fast-approaching deadline? The following can help ease the burden and make the changes you need to implement less overwhelming.
- Evaluate your current capabilities by identifying and classifying personal data.
- Take a look at your data-governance capabilities.
- Create a strategy to monetize data in a way that meets CCPA privacy regulations.
- Take stock of your privacy controls, keeping an eye out for gaps in meeting CCPA requirements. Then prioritize the processes and technologies that need to be updated.
- Be proactive and set up a CCPA program management office to handle regulatory accountability, remediation, and implementation.
- Implement regulation monitoring procedures to ensure your business continues to be in compliance over the long run.
Extending beyond the California borders
Even if your for-profit company isn’t located in the Golden State, you may still be on the hook to comply. Do you do business or have customers (or potential customers) in California? If you answered yes, and you meet one of the following criteria, your company must conform to CCPA regulations.
- Your annual gross revenue is more than $25 million.
- Your organization receives, shares, or sells personal information of more than 50,000 individuals.
- Your company earns 50% or more of its annual revenue from selling personal information of consumers.
Businesses will benefit, too
Consumers want to do business with companies that protect their data privacy. As a compliant organization, you’ll be able to market your adherence, which in turn can help boost sales and customer loyalty.
Not to be discounted is the personal information you collect. You’ll know exactly where the information came from and have better control of its accuracy, enabling you to really know your customers and improve your marketing strategies.
Don’t meet the criteria? Many states are using the CCPA as a template to draw up their own acts. It’s just a matter of time before privacy regulations will affect your business. My recommendation? Get started now on ensuring your prospects and customers have the privacy and security we would want for ourselves.
The post The CCPA is Bound to Impact Your Business: Are you Prepared? appeared first on AllBusiness.com. Click for more information about Brenda Stoltz.