You may recall the recent blog postings in connection with the CCPA in California:
The California Consumer Privacy Act of 2018 ["CCPA"] is effective Jan. 1, 2019 will give Golden State residents the right to find out what a company knows about them and get it deleted — and to stop the company from selling it.
This is significant because due to California’s size and influence it could become a de facto national privacy law, since companies that are racing to comply with it may give these rights to non-Californians, too.
The Act will apply to companies with at least $25 million in revenue, personal information on at least 50,000 people, or earning at least half their money by selling consumers’ personal information.
- Next year, any Californian will be able to insist that a company disclose what data it’s keeping on them — and cease doing so.
- And from July 2020, Californians will be allowed to bring suit against businesses for data breaches. The California attorney general will also be able to bring enforcement actions.
Critics of the Act say it is overly broad and will have unintended consequences, opening the way to identity theft, dissatisfaction among consumers who find out how much information Corporate America has on them, and a feast for class-action law firms.
Business are trying to get their computer systems ready in time, spending millions of dollars on upgrades.
- U.S. retailers in particular are struggling, because many of them haven’t already had to deal with GDPR in Europe that took effect last year.
- Business will have to find a way to capture all their customer information and track it so you know what’s happening with that information – not easy and a significant undertaking for most companies. Unless you’ve been in a regulated space like health care or financial services.
- Consumer information can reside in lots of databases, and the same consumer can be listed under different names, addresses or nicknames. Computer architecture is a major challenge.
- Large companies are struggling with this because they have vast amounts of data, and small companies are struggling with this because they don’t have those resources.
While efforts to pass a federal privacy law have failed so far, companies think it’s certain that something like the California law will have a national impact— and soon other states will follow California’s lead — so they’re planning accordingly.
- Companies fully expect that people outside California will call them after Jan. 1 to demand that their data be deleted — or cease being sold — and many will comply.
- “The general consensus is that it’s an inevitability — not an “if” but a “when”, ‘which encourages company comply with privacy laws.
On the horizon, the Californian, real estate developer Alastair Mactaggart whose hard work led to the privacy law, is pushing for a 2020 state ballot initiative with more privacy protections. Consumers would have to opt in before companies could sell their data, the Washington Post reports.
The take away – consumers want to have more control over their data and want to have the foundational rights to access, correct and delete their data.”
Jorgensen & Company are not attorneys and do not offer any form of legal advice. Consult with appropriately qualified local counsel for more assistance. Rickard Jorgensen is President and Chief Underwriting Officer for the CPAGold™ program and may be contacted at (201) 345 2440 or firstname.lastname@example.org.