Breaking News
CCPA: Exploring the Ups and Downs of the New Data Security Standard
The new law called the California Consumer Privacy Act, or CCPA, represents a major policy overhaul set to take effect on January 1, 2020. While the rule is a work of state legislation, it will have a big impact on businesses and consumers outside the state’s borders, too.
The CCPA is essentially California’s version of the existing General Data Protection Regulation, or GDPR, which went into effect in the EU back in 2018. Often explained as giving consumers a “right to be forgotten,” the GDPR empowers individuals to determine how their data is collected and used. Consumers in the EU can essentially opt-out of data collection by businesses if they choose to do so.
The CCPA doesn’t give Californians quite as much power as the GDPR. However, these consumers will still enjoy much more oversight than ever before regarding their data and how it’s collected and stored. And, like the GDPR, the CCPA also guarantees consumers the right to demand any business delete their personal information at any time.
There are three key concepts to keep in mind regarding the new law:
- Informed Consent: Consumers have autonomy over their data. The have the right to know what data you collect, how it’s stored, and who can access it.
- Right to Erasure: Consumers have the right to request that their data be destroyed at any time.
- Inherent Privacy: Your default privacy standards should be stringent, and you must disclose knowledge of any security breach immediately.
Why it Matters
Even if you’re not based in California…some of your customers may be. Under the law, if you do business with any individual in the state, you could still be subject to the regulations.
If you have more than $25 million in gross revenue or the data of more than 50,000 consumers, or if you make more than 50% of your revenue selling data, you will need to comply with the law. The only other option would be to reject any online traffic from California. And, given that the state is now the world’s fifth-largest economy…that’s not really an option in most cases.
Why are California lawmakers doing this? Well in some ways, the CCPA takes the basic goal of the GDPR—safer and more secure privacy standards for consumers—and refines it. For instance, EU entities are required to ask permission before collecting any data, which can be a logistical nightmare depending on the volume of data you manage. The CCPA applies to a broader range of information, though, such as IP address, browsing history, and behavioral data.
Like the GDPR, the CCPA is a far-reaching piece of legislation. Once in place, the rules will fundamentally transform the market…for better or worse.
CCPA Problems
The main concerns regarding CCPA rollout will be inconsistency and confusion, plus the prospect of increased risk for businesses. For instance, you may have incomplete data sets once the CCPA takes effect.
A consumer can submit an arbitrary demand that you erase their data. This could make it harder to identify trends, as well as developing threat sources. With incomplete data, you won’t be able to deploy fraud prevention tools and strategies with as much precision as you could if you had complete and detailed information.
That’s not just an individual problem, either. Collated consumer data is a key resource for developing new fraud prevention tools and tactics. But, if we can’t rely on consistent, in-depth transaction data to build out profiles of consumers and risk factors, it’s harder to ensure accuracy.
I don’t want to give the impression that the California Consumer Privacy Act is a bad thing. Ensuring that consumers have a right to privacy and are protected against abuse is very important. However, the law as it exists now puts a lot of the burden on businesses, but offers little in return.
AUTHOR BIO:
Monica Eaton-Cardone is an international entrepreneur, speaker, and author. She is the Co-Founder and COO of Chargebacks911 (https://chargebacks911.com/), a global risk mitigation firm helping online merchants optimize their profitability, with offices in North America and Europe.
- Foundation Risk Partners and Version 1 to Revolutionise Business Operations With AI Solutions Read more
- Eminence Home Care Teams Up With DailyPay To Modernize Benefits Offerings Read more
- Trading Technologies Launches TT® Broker Scorecard Read more
- Dfns Secures $16M to Expand its Crypto Wallet Infrastructure for Finance Read more
- Computop Integrates Wero Into Mobility Offer ‘Pay to Drive’ Read more