To protect personally identifiable data, California recently passed one of the strictest data privacy laws in the nation – ever!
The California Consumer Privacy Act of 2018 will regulate how companies store data. It will also require them to disclose the types of data they collect and allow consumers to opt out of having their data sold. The law, which passed in late June, gives consumers the power to prevent companies from selling their personal information. Echoing the set of restrictive rules General Data Protection Regulation (GDPR) enacted earlier this year by the European Union, the legislation will almost certainly be the subject of intense lobbying from the tech giants that vacuum up all the data.
What’s important to know right now?
- Similar to GDPR compliance, this legislation will give consumers more control over their personal information and ensure companies are following the proper data procedures when it comes to collection, processing, and storage.
- The California Consumer Privacy Act of 2018 is set to dramatically change how businesses handle data in the most populous state. Companies that store large amounts of personal information — including major players like Google and Facebook — will be required to disclose the types of data they collect, as well as allow consumers to opt out of having their data sold. The bill, which passed both chambers unanimously, was signed by Gov. Jerry Brown.
- The consumer privacy law that California’s governor signed into law on June 28 is considered the strongest, most aggressive privacy protection measure in the United States today – setting a new precedent for data protection for businesses in the United States.
- The new California law, which takes effect on Jan. 1, 2020, will require that companies tell state residents what information the company is collecting and how it’s used. It also gives people options to ask the company to delete or stop selling that information. The law does not prevent companies from collecting people’s information or give people an option to ask a company to stop collecting their information, differentiating it from GDPR information management.
“It’s important for American companies currently serving clients in the EU to realize that GDPR will impact the way they manage sensitive information. Complying with GDPR’s information management standards is a priority and really, in many ways, it is an opportunity overall for companies in the United States to step back and take a solid assessment of their information management best practices,” reports CompuData’s Client vCIO Andrew Rosado. “The handling of PII across multiple systems is vitally critical – there is a huge level of accountability in the management of a person’s information – and now we have California’s legislation that is even more centrally focused on the consumer. California has essentially set the precedent and I predict other states will follow.”
What does this mean for businesses?
“Similar to GDPR, the California legislation will require more transparency and accountability. In the wake of huge data breaches (Equifax) and breaches in consumer trust (Facebook), California is ensuring that consumers are protected,” CompuData’s Rosado explains. “Consumers data will need to be secured and managed appropriately, security will become an even larger topic of discussion, and the ethical implications of ‘whose data is it?’ will be in the spotlight. For businesses today, this means that the ‘free mining of oil‘ is coming to a close – our data being the oil – and regulation will help ensure there are limits to how data is collected and utilized moving forward.”
What to do?
With stringent data protection laws increasing, it’s probably a good idea to brush up on the latest data protection and cyber security best practices – and determine where your company might be weak, especially when it comes to workforce cyber security awareness and employee data safety training. For example, according to over 1,700 IT service providers, the lack of cyber security awareness among employees is a leading cause of a successful ransomware attack. For cyber criminals, it is the easiest method for obtaining access to a private corporate system. Employee awareness of social engineering is essential for ensuring corporate cyber security.