by Ginevra Adamoli

What is the California Consumer Privacy Act of 2018? Influencers in the know break down the details

Dec 02, 2019

The California Consumer Privacy Act of 2018 is a bill intended to enhance online privacy rights and consumer protection for residents of California, United States. But the bill has national and global implications. Hereu2019s how to prepare your organization for compliance and protect your customers.

California Consumer Privacy Act  / CCPA  >  State flag superimposed on map and satellite view
Credit: GGuy44 / Skegbydave / Getty Images

It was only a matter of time before US created their own version of the EU’S General Data Protection Regulation (GDPR). However, unlike the EU who addresses digital privacy protection on a national level, the US is handling online privacy on the state level. California has led the charge with the California Consumer Privacy Act (CCPA) that was passed into law in 2018.

3 main takeaways from the California Consumer Privacy Act of 2018

CCPA is designed with consumers in mind and gives California residents some of the strongest online privacy protections in the country. Here are three main takeaways of the California Consumer Privacy Act of 2018:

  1. Residents have ownership over their data. A company cannot share or sell a customer’s personal information.
  2. Customers control the information that is collected about them by all companies.
  3. The burden is placed on organizations to protect customer data and personal information.

At the #IDGTECHtalk Twitter chat on November 21, we discussed the implact that the California Consumer Privacy Act will have on privacy across the country and internationally. The chat, led by Sumo Logic’s Chief Security Offer George Gerchow, explored the implications of CCPA on the enterprise. Here’s what we learned.

CCPA’s impact will vary greatly from organization to organization

For some organizations CCPA will require a total overhaul on their privacy policies, while others might only need to make minor changes due to existing GDPR compliance. But as Kayne McGladrey, Chief Information Security Officer at Pensar Development, pointed out, there will certainly  be another round of endless privacy disclosure emails.

I think we’re going to see something like the privacy notification email deluge we saw with the roll out of GDPR. Because we all need more emails. #IDGTechTalkKayne McGladrey, Director of Security and Information Technology at Pensar Development

If a firm has no #PII for Californians, zero to do. If they do, lots to do. If they already dealt w/ #GDPR, then it’s relatively easy. But if they haven’t, it’s a massively HUGE endeavor. – Ben Rothke, Senior Information Security Specialist at Tapad

Small organizations will have a tougher time with CCPA compliance

While any organization that collects customer data will be directly impacted by CCPA, the urgency and consequences for non-compliance will be most heavily felt by smaller organizations with fewer resources and smaller pockets.

One of the observations about GDPR 1 year on is that compliance and issuing of fines has failed. Thus with CCPA, small businesses will be affected the most as they try to comply while many larger enterprises will deflect, delay or do lip service to legislation. #IDGTECHtalkSteve Prentice, professional speaker and writer

Those organizations that have the budget and those who are already on the path of #GDPR might find #CCPA somewhat easy and maybe redundant to do. Others without budgets to do this will just struggle. #idgtechtalkArsalan Khan, Speaker, Advisor and Blogger

Customers must educate themselves on the CCPA

The burden is on the customer to ensure their privacy is protected and that they understand their rights under the new law. CCPA is designed to put the power back into the hands of customers, and it does accomplish that for the most part. However, organizations are not responsible for educating customers on their rights, only for their own company-wide compliance.

Customers need to educate themselves on their #CCPA rights using #gov literature first. Companies will need to update their privacy policies and educate their customers through their usual outreach channels such as email or social. #IDGTECHtalkWill Kelly, senior technical writer

Customers need to understand their rights under #CCPA & how to make sure they are protected. For every #PII #privacy right afforded under CCPA, orgs. must have well-defined & documented processes to ensure they are executed properly. #IDGTECHtalkBen Rothke, Senior Information Security Specialist at Tapad

CCPA might make things more complicated at first

There are enough loopholes and murky language to thoroughly complicate the implementation of CCPA compliance. To combat this, organizations might do the bare minimum to meet CCPA standards. Again, this is why it is so important that customers take the time to educate themselves on this law. It is important that customers also play watchdog to ensure organizations sustain proper compliance practices under CCPA.

#CCPA will raise privacy concerns yet again with responses varying from lip service to deflection to some real (maybe not sustained) action depending on the company’s industry and their contact points with customer data. #IDGTECHtalkWill Kelly, senior technical writer

The California Consumer Privacy Act of 2018 is an exciting development as state governments and corporations navigate their responsibility for protecting customer privacy. We are even seeing other states follow in California’s footsteps with their own online privacy laws. While there will certainly be growing pains, the final outcome of a more secure Internet is invaluable.