Wednesday, June 19, 2019

Avoiding Privacy Violations: Why Not Acting Now is Risky Business

Ever on the cutting edge, California delves into the new frontier of data protection with its California Consumer Privacy Act (CCPA), effective January 1, 2020.

This piece of legislation seeks to protect consumers by governing how businesses and other organizations use information about them.

More importantly, for businesses, avoiding privacy violations will be paramount if legal retribution and financial damage are to be avoided. 

What CCPA Means for Your Business

The government of California feels that businesses, which were previously required to take “reasonable” steps to safeguard consumer information, did so insufficiently. Now, businesses whose customers are residents of California must do the following:
  • Implement and maintain security systems and procedures.
  • Protect consumers’ personal information from unauthorized disclosure.
  • Refrain from destroying, using, modifying, accessing, or disclosing consumers’ personal information without consent.
  • Protect consumers’ information from security breaches.

How to Protect Your Business

First, your business needs to consider how well its privacy procedures are actually working.

Businesses that invest in a privacy audit aren’t wasting money. Taking such action can expose areas where work is needed. Before you seek out a consultant, consider how your organization stands in these five areas:

1. Do you document the consumer data you collect?

First, under the CCPA, consumers can request to know what data has been collected about them, so you’d better be prepared to divulge it. Second, any third parties you work with may also be collecting data on your behalf, and you need to be aware of such activity.

A procedure for informing consumers of this information needs to be in place and ready to go. In July 2020, consumers can rightfully demand to know.

2. Keep track of the “personal information” you collect about consumers.

The CCPA defines “personal information” as “Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number or other similar identifiers” as well as, “a broad list of characteristics and behaviors, both personal and commercial, as well as inferences drawn from this information” (source).

So, from the information your organization collects, you must be able to determine which parts are considered “personal.”

3. Be prepared to be responsible for data collected by third parties.

The government of California intends to hold the owners of the business responsible for the data collected by third parties.

This especially holds true for third-party tags, or the Java code generated by ad servers.

If your advertising agencies use such technology, then you need to know what data they are collecting, and how they are using it.

Crucial need-to-know information:

1. What third-party data collectors do you have?
2. What information are they collecting?
3. With whom are they sharing this information?

4. Generate an opt-out policy that is both easy to find and understand.

Having identified all of the previous data-collection information, you need to proceed with a strong opt-out policy. This policy needs to be conspicuous. Users must be able to identify a link where they can opt out of having their information sold.

Keep in mind that the CCPA outlines what constitutes a proper opt-out policy. Definitely do your research to make sure that your business is compliant. Trying to shirk this requirement is unwise.

5. Protect minors’ rights to privacy by setting up a parental consent procedure.

Minors’ personal information cannot be sold unless they opt in, and this process needs to be clearly outlined and compliant.

Data sharing cannot take place without the consent of the legal guardian. So, take the time to set in place compliant procedures to avoid fines and penalties.

Is Avoiding Privacy Violations Worth It?

Well, aside from preventing legal woes and fines, the bottom line is yes. California has long set legislative trends when it comes to the rights of individuals, heralding new standards for other governmental bodies to follow.

So, while you may not feel the pressure to comply with this standard now, chances are you will have to in the future.

Furthermore, the unauthorized sale of personal data or the promise to protect such data doesn’t sit well with most American consumers. Being forthcoming and sincere about protecting your customers’ personal data creates a sense of trust that pays off in the long run.

If you’re concerned about protecting your clients’ personal data, contact the security experts at Trustwire today.
