Recently, Scott Giordano, our VP of Data Protection, presented a webinar detailing changes and additions to the California Consumer Privacy Act (CCPA). Signed into law on June 28, 2018, the CCPA represents the most demanding state privacy regulation in the United States.
To watch the webinar on-demand, click here.
Here’s a quick overview of Scott’s presentation and analysis of CCPA:
What is CCPA?
Commonly known as California’s version of the EU’s General Data Protection Regulation (GDPR), the CCPA is much more complex, and as it is rolled out, will likely have global applicability. Officially effective on January 1, 2020, the CCPA includes GDPR-like requirements addressing the rights to access, delete, and transfer personal data with some key differences.
The consumer’s rights to access, delete, and transfer personal data within the guidelines of the current CCPA have a few principle distinctions from the GDPR. Empowering consumers with the right to prevent the sale of sensitive data to third parties is a primary difference between the two and will likely impact the business models of companies around the world.
Scott notes that it is important to realize that consumers will soon receive a flurry of notices asking to either “opt in” to the collection of data or to please “opt out” of the data collection. These notices will continue to increase as the implementation date of CCPA draws closer.
What Does CCPA Mean for your Organization?
The focal point of the statute centers around businesses and what the qualifications are for being subject to the laws. It is important to understand that CCPA will apply to all businesses that collect or use personal information, not just those companies in California. Because their long-arm statute gives them an extended jurisdiction, unless you operate wholly outside of California, you will be subject to the law.
So even if you have headquarters outside the state of California and have no physical operation there, if a resident of California engages with your company, you are subject to this Act. The significance and impact of this requirement is clear, because 20 percent of the nation’s population resides in California, making it virtually impossible not to make any sort of contact with anyone in that state.
Scott also outlines how CCPA is still very much a working document but failing to prepare for it now is preparing to fail in a disastrous way in the future. What is critically important to remember moving forward is that this is not just an “IT” problem. It’s a cross-functional issue and you’ll be doing your whole company a disservice if you put this all on the IT department. To learn more about the details and insights Scott mentioned, as well as the crucial advice he gave on preparation for the CCPA, watch the entire webinar linked below.
1) While GDPR is longer, CCPA is much more complex and likely has global applicability.
2) The right to prevent the sale of data to third parties is a primary difference between the two and will likely wreck the business models of many companies.
3) Creation/update of a data inventory is the most important element of complying with both regulations.
Data privacy and consumer rights will be major issues for organizations of all types moving into 2019. We will continue to stay ahead of the changing data privacy landscape and share our insights with you on a regular basis. Knowledge is power when it comes to preparing for and adhering to continuously changing regulations.
Click here to watch the webinar recording now.