The California Consumer Protection Act (CCPA) is due to become enforceable on January 1, 2020. Corporations, government agencies and other groups will be using 2019 to prepare for the new legislation.
The proposed legislation allows Californian residents the following rights regarding their personal information:
- The right to know what personal information is being gathered about them.
- The right to access the personal data collected in relation to them and request it be deleted, although there are exceptions to the right to delete.
- The right to know whether their personal information is sold for profits or shared.
- The right to refuse permission for the sale of their personal information.
- The right to have equal service and pricing even if they choose to use their rights under the CCPA.
Recently a number of hearings have been held by the Californian attorney general’s office in order to gather industry views ahead of the introduction of the new regulation. There will be further reviews held on the western seaboard during February 2019. California Attorney General Xavier Becerra (D), who is overseeing the introduction of the new law, commented at the review saying: “People will recognize who’s supposed to be protecting them because right now, [it’s] no one — there’s nobody.”
Among the groups present at the hearings to give their views were the Association of National Advertisers (ANA) and the Interactive Advertising Bureau. Both of these organisations are requesting amendments to the terms. A spokesperson for the ANA, Dan Jaffe said there is a danger that, unless the necessary amendments are made to the legislation, the CCPA could have serious implications for loyalty schemes. He said: “It’s just like talking about the fundamental piece of the body and acting as if you can just discuss it and change it dramatically without talking about the others.”
US companies should attempt to prepare for the new data protection legislation sooner rather than later. There will be a number of business opportunities to be gained by achieving compliance and avoiding any possible financial penalties for a data privacy breach. Law firm Baker McKenzie has produced a report which examined the different formats of compliance and revealed that 68% of companies in the technology, media and telecommunications sectors claim to have had compliance breaches revealed by a regulator.
William Devaney, Co-chair of Baker McKenzie’s global compliance and investigations unit, said that linking compliance through a company can lead to growth as it encourages communications and funding across all departmental levels of the company. He said: “The manager at every level of an organisation should have it ingrained in them that the company is going to behave in a compliant manner.”
