California’s Consumer Privacy Act: A Blessing or A Curse in Disguise?
“When it comes to CCPA, don’t sleep on it!”
Have you ever thought about how companies know so much about us? They know what you do every day, how many people you live with, your likes and dislikes and a lot more personal information as such. Privacy has now become a thing of the past with every company advocating its rights to collect numerous data in order to be at the forefront of the marketing game.
Amid all this, the State of California came up with their own California Consumer Privacy Act or the CCPA in 2018, in order to safeguard its people by protecting their privacy. This decision passed by the government had repercussions of its own but what we fail to understand is, its effect on businesses, not just in California but all over the world. This act can be viewed differently from a consumer's standpoint or from a company’s eye. But first, let us get to know this Act a little more…
What is the California Consumer Privacy Act all about?
This law is intended to enhance privacy rights and consumer protection for residents of California, United States. It was passed by the Governor on June 28, 2018, and became effective on January 1, 2020.
The main points to take away from this Act are the rights that Californians get: information rights, opt-out rights, and deletion rights. Here’s what each one entails:
- Information Rights
Consumers can request the companies to provide information that is related to their own data. In doing so, the company is obligated to give the consumer all the data collected and it even goes to the extent of informing them about why it was collected or how it is being used.
- Opt-Out Rights
Companies have to comply with a consumer's request if they decide to opt-out of the sale of their personal information to third parties, which also includes data sharing.
- Deletion Rights
Consumers can request for their personal information to be deleted, which the company has to oblige to.
CCPA and Company Compliance
I recently came across an article, dated March 17, 2020, which talks about how entities who comply with this regulation will have to think about its effect on their current cloud infrastructure and the new development of cloud-native applications. They will have to identify where all the personally identifiable information (PII) is stored and how to process, validate and complete consumer information and consent requests.
Since many companies operate globally, this decision would impact them as they would have to segment people based on their location more critically now and they have to put in place systems that can help can share data with people from California easily. The article also talks about some suggestions that the company can implement like data mapping, data deletion mechanisms, audit trails for requests of data by consumers. An opt-in or opt-out system would also be beneficial for the easy facilitation of such requests.
Because of all this, companies have to start thinking about the impact on cloud journeys and they can leverage various tools like artificial intelligence (AI) for example, for data discovery, which will help companies know exactly where PII lives, so that they may efficiently comply with data subject requests. Companies should also be proactive and set up cloud infrastructures in order to be prepared for when it is put in place.
Is this a bane or a boon?
Being a consumer myself, I believe this is an extreme but genius decision taken by the State of California. I completely agree with protecting privacy of consumers as oftentimes companies misuse this data in order to create a futile need in the market. With such acts in place, transparency can be maintained and consent can be taken from people who want to protect their privacy. I believe this should be implemented in all States to ensure that the consumer’s rights are not violated by companies.
As for all the changes that the existing entities have to go through, well this is their time to come up with creative ways on how to make this data restriction work for them!
