By now, we’ve certainly all heard about the GDPR, and many businesses around the world have felt its effects. The GDPR isn’t the only forward leap for data privacy making waves in 2018, though. California just passed the toughest and most comprehensive data privacy law that the States has ever seen—marking a huge leap forward for the nation.
The California Consumer Privacy Act of 2018 (CCPA) outlines legislation that will bring large companies that handle large data sets accountable for the ways they manage, store and dispose of the sensitive data available to them.
What You Need to Know
The law comes in response to a series of high profile privacy scandals surrounding the misuse of data in the USA. Californian citizens disclose personally identifiable information regularly – when buying a car, applying for a job and sometimes even just going out for dinner. A company can access information such as a customer’s address, marital status and, in some cases, even their geographical location. The misuse of this data can have catastrophic effects.
As detailed in the Act, “the unauthorized disclosure of personal information and the loss of privacy can have devastating effects for individuals, ranging from financial fraud, identity theft, and unnecessary costs to personal time and finances, to destruction of property, harassment, reputational damage, emotional stress, and even potential physical harm.”
As of July 2018, CCPA is the toughest in the U.S. – for companies that operate across the States, this could mean complying to the strictest law forces them to comply to the same level across operations.
Now, Californians have much more autonomy over their data. As per the Act:
(a) A consumer shall have the right to request that a business that collects a consumer’s personal information disclose to that consumer the categories and specific pieces of personal information the business has collected.
(b) A business that collects a consumer’s personal information shall, at or before the point of collection, inform consumers as to the categories of personal information to be collected and the purposes for which the categories of personal information shall be used. A business shall not collect additional categories of personal information or use personal information collected for additional purposes without providing the consumer with notice consistent with this section.
(c) A business shall provide the information specified in subdivision (a) to a consumer only upon receipt of a verifiable consumer request.
(d) A business that receives a verifiable consumer request from a consumer to access personal information shall promptly take steps to disclose and deliver, free of charge to the consumer, the personal information required by this section. The information may be delivered by mail or electronically, and if provided electronically, the information shall be in a portable and, to the extent technically feasible, in a readily useable format that allows the consumer to transmit this information to another entity without hindrance. A business may provide personal information to a consumer at any time, but shall not be required to provide personal information to a consumer more than twice in a 12-month period.
(e) This section shall not require a business to retain any personal information collected for a single, one-time transaction, if such information is not sold or retained by the business or to reidentify or otherwise link information that is not maintained in a manner that would be considered personal information.
Because companies are now held accountable for the way they manage personal data, the importance of secure data disposal is more important than ever. Customers can request that a company delete their personal data at any time and may require proof of erasure. Blancco’s suite of data erasure products allow businesses to be compliant with the strictest data protection legislation around the world, providing a tamper-proof audit trail that proves compliance and ensures complete data sanitization.
Is your business compliant with the new regulation? Contact Blancco today to discuss your options, and read the full California Consumer Privacy Act of 2018 here.