As the number of data breaches continues to rise, so does the number of new cons.
One of the newest pieces of legislation to come into effect is the California Consumer Privacy Act (CCPA). Many of you may have read the headlines about impending CCPA legislation but may not be familiar with what the act actually means and its implications for businesses and consumers. This post is meant to give you a high-level summary of what you need to know regarding the act.
CCPA will come into effect in January 2020. You may have already heard of similar legislation, such as the European Union’s General Data Protection Regulation (GDPR). Companies, big and small, should be preparing themselves to comply with the CCPA unless they want to face hefty fines.
The California Consumer Privacy Act does three important things for consumer privacy:
1. The Act gives the consumer the opportunity to protect themselves and decide whether businesses can sell or share their information.
2. The Act puts control in the hands of the consumer. The consumer retains control of the information collected.
3. The Act requires that companies safeguard their consumers’ personal information.
The Act will put consumers in charge of their personal information and gives them four rights:
2. The right to opt out of allowing a business to sell their personal information to third parties. For consumers who are under 16 years old, the right not to have their personal information sold without their parents’ or their own opt-in;
3. The right to have a business delete their personal information upon request, with some exceptions; and
4. The right to receive equal service and pricing from a business, even if the user exercises their privacy rights under the Act.
While the CCPA covers many important aspects for consumer privacy, there are areas where it could have gone further.
The Act establishes that consumers have the right to opt out and give consent to collect personal information. However, the Act falls short by not recognizing that most companies default to opting in, therefore forcing consumers to take a required explicit action in order to opt out. For consumers to be in control and protected, shouldn’t the reverse (opt-out by default) be the case?
This Act is a huge milestone for consumer privacy in the United States; however, its reach doesn’t go far. CCPA addresses protecting personal information, although it is vague when it comes to data such as medical records and employee information. While it applies to a large number of companies, there are still many that can dodge the Act, leaving a lot of personal data unprotected. Due to the specific set of requirements that companies have to observe, many companies will fall just outside of the scope and will not have to comply. The CCPA protects “consumers” in a very broad scope and, with some more work, could go beyond its reach to better protect personal information across the board.
The CCPA only covers businesses with the personal data of consumers in California, which is why there is ongoing discussion about introducing an equivalent federal law. CCPA is being discussed as an ideal starting point from which to model a consumer privacy law for the entire United States.
Here at Anonyome Labs, we are a company built around the ethos of giving users complete control over their personal information. Legislation such as the CCPA and GDPR is something we happily comply with and are ready for, and we hope it raises the standard globally. The wave for consumer privacy is big and Anonyome Labs is ready to ride it. What do you think of CCPA? Does it do enough to protect consumers’ personally identifiable information? Or is this a good first step?