Wednesday, Jan 22 2020

How Companies Should Adjust to the New Digital Privacy Laws in California

Written by

How Companies Should Adjust to the New Digital Privacy

As the number of significant data breaches rose and privacy scandals dominated headlines, consumer outrage grew. In response, some governments began creating new laws designed to protect people from the negligent acts of companies. Failing to comply with the regulations comes with serious consequences.

The California Consumer Privacy Act (CCPA) - California’s new digital privacy laws - went into effect on January 1, 2020. It’s similar to GDPR, placing new compliance requirements on various companies that do business with California consumers.

Adjusting to the new requirements might seem challenging, but it is a necessity for any organization that is required to comply. If you want to make sure you are making the right changes, here are some tips that can help.

Understand CCPA

First and foremost, you need to spend time combing through CCPA. Ignorance of the law doesn’t serve as a defense, so it’s best to review it thoroughly. The law provides consumers in California with a significant amount of new protections regarding the collection and use of their data. Organizations are required to comply if they have online revenues that exceed $25 million and have customers in the state.

Companies that end up non-compliant face massive fines. Additionally, consumers have the right to file lawsuits against businesses that are negligent in specific scenarios, which could drive costs even higher.

Audit Company Practices

If you want to protect your company by ensuring you are complying with CCPA, conducting a company-wide audit and reviewing your data collection, storage, and sharing practices is essential. Otherwise, you won’t be fully aware of your current state, and that makes it harder to implement any necessary changes.

Additionally, you need to look beyond your business. If you partner with third parties who have access to any consumer data, you need to audit these relationships, as well. A third party’s non-compliance could fall back on your company.

Plan for New Requirements

Since CCPA aims to give consumers more control over their data, you need to make sure you have mechanisms in place that allow them to take specific actions. For example, consumers need the ability to tell a company that they don’t want to be tracked in a circle that is smaller than ¾ of a mile across for ad targeting purposes. If you don’t have an option that allows consumers to assert that preference, you need to create one. Similarly, you have to build reporting mechanisms that enable consumers to learn what data has been collected on them, what data has been sold, and which company received the purchased information.

Many of these requirements will require technical changes. If you have put the proper mechanisms in place yet, then doing so should be a priority.

Ultimately, CCPA has strict requirements, and failing to comply comes with serious consequences. Additionally, it may be a sign of the changing times, and companies should anticipate that other states may follow suit and create new laws. That way, even if you aren’t affected by CCPA, you maintain a proactive mindset. By working to offer consumers more control and protections now, you are getting ahead of the wave.

Learn More from The Armada Group

If you’d like to learn more, the professionals at The Armada Group can help. Contact uswith your questions today.