The frenzied growth of the digital ecosphere has been eerily similar to America’s Wild West.
We’ve had few rules, even fewer ways to enforce them and a whole lot of people playing fast and loose with their most valuable possessions – in this case, their personal information.
Well, now there’s a new sheriff in town, and its name is the California Consumer Privacy Act. And while CCPA’s jurisdiction extends only as far as the California state line, word on the street is that other states will soon follow California’s lead and start pinning badges on their own data sheriffs. So, it’s in everyone’s best interest to understand these new personal data guidelines and how they apply to your particular business.
Let’s start with the basics. According to those with insight into the new act, the CCPA provides California residents with the right to:
- Know what personal data is being collected about them.
- Know whether their personal data is sold or disclosed, and to whom
- Say no to the sale of their personal data
- Access their personal data
- Request a business to delete any personal information about a consumer collected from that consumer
- Not be discriminated against for exercising their privacy rights
That all sounds pretty reasonable right? But if you don’t have systems and safeguards in place to ensure that you can comply with these and all of the other more specific consumer rights stated in the CCPA, you could be setting yourself up for serious legal issues down the road. Even if you’re only using data being collected by a third party, you still have a responsibility to the consumer.
So, how do you deal with all of this?
- Get a good lawyer. Seriously. You need someone on your team who knows CCPA backward and forward. If you’re doing business in California, it’s probably best to engage an attorney there.
- Know your digital dataflow. Perform an internal audit or have your agency do it. You need to know how personal information is being used by your company so that you can better safeguard it.
- Get your digital assets up to date. Make sure your agency puts in place everything that is required to comply with CCPA and other state laws. That applies to emails, websites and anything else you use to gather or utilize personal info.
CCPA went into effect on January 1, 2020, but there’s a six-month grace period for you to get your digital house in order. Falling in line with CCPA now will make it easier to be compliant when other states roll out their own versions in the near future.