That Doesn’t Apply to Us – California Privacy Act
The US has been somewhat lax, or too afraid of big business, to address consumer data privacy, or lack thereof. I have always thought people from California were, well, not like us, if you know what I mean. They were just different, and the refrain when speaking about those from California was simply, “Oh, they’re from California.” I have changed my mind. I will never say that again, unless it’s in a positive way. I applaud California lawmakers in taking steps on privacy, sort of.
Quite simply, the California Consumer Privacy Act (CCPA) provides a series of new rights to California’s consumers on how their personal data is collected, used, and sold. Although not taking effect until 2020, consumers will be able to request all data relating to them, going back 12 months or to January of 2019. Hope you were ready in January. But you are fully compliant with General Data Protection Regulation (GDPR), so no worries. Right?
What does CCPA AB 375, as it is fondly referred to, do then? It gives Californian consumers the right to request from any business the types and categories of data that have been collected. The business must also disclose the purpose of collecting the data. If the personal data has been sold to a third party, the business must supply the name of the third party and the reason the data was sold.
As a Californian citizen, you can also request to have your personal data deleted. As a consumer, I don’t feel the law imposes undue hardship on companies, as it isn’t outrageous to expect businesses to know what is in the data they possess. However, the GDPR compliance issue highlighted the fact that many companies actually don’t know what is in their data, sorry to say. If GDPR passed you by, I suggest you take notice of this law.
What’s the downside for businesses? We’ll look at some of those issues in our next blog. It is the usual Chicken Little attitude, “The sky is falling.” And guess what? It never does.