Ever on the cutting edge, California delves into the new
frontier of data protection with its California
Consumer Privacy Act (CCPA), effective January 1, 2020.
This piece of legislation seeks to protect the way information about consumers is used by businesses and other organizations.
More importantly, for businesses, avoiding privacy violations will be paramount if legal retribution and financial damage are to be avoided.
What CCPA Means for Your Business
The government of California feels that businesses, who were
previously required to take “reasonable” steps to safeguard consumer
information, did so insufficiently. Now, businesses whose customers are
residents of California must do the following:
- Implement and maintain security systems and procedures.
- Protect consumers’ personal information from unauthorized disclosure.
- Refrain from destroying, using, modifying, accessing, or disclosing consumers’ personal information without consent.
- Protect consumers’ information from security breaches.
How to Protect Your Business
First, your business needs to consider how well its privacy
procedures are actually working.
Businesses that invest in a privacy audit aren’t wasting money. Taking such action can expose areas where work is needed. Before you seek out a consultant, consider how your organization stands in these five areas:
1. Do you document the consumer data you collect?
Firstly, under the CCPA, consumers can request to know what
data has been collected about them, so you’d better be prepared to divulge.
Secondly, any third-party involvement you have may also be collecting data on
your behalf, and you need to be aware of such activity.
A procedure for informing consumers of this information
needs to be in place and ready to go. In July 2020, consumers can rightfully
demand to know.
2. Keep track of the “personal information” you collect about consumers.
The CCPA defines “personal information” as “Identifiers such
as a real name, alias, postal address, unique personal identifier, online
identifier, internet protocol address, email address, account name, social
security number, driver’s license number, passport number or other similar
identifiers” as well as, “a broad list of characteristics and behaviors, both
personal and commercial, as well as inferences drawn from this information” (source).
So from the information your organization collects, you must
be able to determine what of it is considered “personal.”
3. Be prepared to be responsible for data collected by third parties.
The government of California intends to hold the owners of
the business responsible for the data collected by third parties.
This especially holds true for third-party tags, or the Java code generated by ad servers.
If your advertising agencies use such technology, then you need to know what data they are collecting, and how they are using it.
Crucial need-to-know information:
1. What third-party data collectors do you have?
2. What information are they collecting?
3. With whom are they sharing this information?
4. Generate an opt-out policy that is both easy to find and understand.
Having identified all of the previous data-collection
information, you need to proceed with a strong opt-out policy. This policy
needs to be conspicuous. Users must be able to identify a link where they can
opt out of having their information sold.
Keep in mind that the CCPA outlines what constitutes a proper opt-out policy. Definitely do your research to make sure that your business is compliant. Trying to shirk this requirement is unwise.
5. Protect minors’ rights to privacy by setting up a parental consent procedure.
Minors’ personal information cannot be sold unless they
opt in, and this process needs to be clearly outlined and compliant.
Data sharing cannot take place without the consent of the legal guardian. So, take the time to set in place compliant procedures to avoid fines and penalties.
Is Avoiding Privacy Violations Worth It?
Well, aside from preventing legal woes and fines, the bottom
line is yes. California has long set legislative trends when it comes to the
rights of individuals, heralding new standards for other governmental bodies to
follow.
So, while you may not feel the pressure to comply with this standard now, chances are you will have to in the future.
Furthermore, the unauthorized sale of personal data or the
promise to protect such data doesn’t
sit well with most American consumers. Being forthcoming and sincere about
protecting your customers’ personal data creates a sense of trust that pays off
in the long run.
If you’re concerned about protecting your clients’ personal
data, contact the security experts at Trustwire today.