California is setting the stage for more accountability in the digital world—and it’s bound to become the new norm, considering its swift and broad reach. Effective January 1st, 2020, the state passed the California Consumer Privacy Act, or CCPA.
What Is the CCPA?
It’s a law stating that any California consumer can demand to see the data saved on them as well as any third parties that the data has been shared with or sold to. On top of that, California consumers can also request that any data on them be deleted from any systems its been saved on or shared to.
We all know how smart the internet has become in recent years, and much of that progress is driven by the data that tech companies have been able to store and use to improve systems, products and processes. But California’s newest privacy legislation is a reflection of mainstream fears that the internet is becoming creepier and more dangerous by the day.
But while the law has been in effect for over a month now, it’s still unclear exactly how businesses will become and remain compliant. Many bigger entities have implemented “do not sell my personal information” buttons on their websites, and smaller companies have established a team to deal with any personal data requests via email. These are first steps, but only time will tell the real measures that companies will need to take to ensure that when a request comes through, they are equipped to provide whatever necessary.
It’s also unclear exactly how some companies are expected to answer consumer requests, given that information like a users location, age, or gender may be shared or sold in less than seconds through systems that never had a user’s name to begin with. But regardless of how murky the waters are now, this type of privacy law became inevitable, with California’s state Senate majority leader calling it the “wild west.”
What Existed Before the CCPA?
The short answer—nothing. This is the first law of its kind with such strict guidelines. In the U.S., we’ve had laws that protect children, such as children’s online protection (COPPA), and laws that target email spam, like CAN-SPAM, but until now we’ve had nothing that empowers users to take action when it comes to their personal information. The CCPA sets a huge precedent in the digital space and is bound to influence other state and federal legislation at the crossroads of big data and personal privacy.
How Do I Know If the CCPA Affects Me?
This law affects any for-profit business serving consumers in California. This means that even businesses based outside of California are not necessarily in the clear. Selling a product or service to a California resident leaves you subject to this legislation, meaning that a even if your business is based out of Birmingham, Alabama, selling and shipping a product to the Golden State will leave you subject to the requirements of the CCPA. This is why it’s so important to pay attention! You’ll need to make sure you’re ready.
If you’re a business owner, and even if you’re not currently serving any consumers out of California, it will benefit you to keep close tabs on what information you’re saving and sharing. This will become the new norm of the internet, as consumers demand the privacy that is rightfully theirs. And if you have questions about how to prepare, let’s open a conversation.