With the amount of personal data being exchanged across numerous platforms these days, it is no wonder that data security is becoming a huge topic of conversation in the business world. We are seeing an increase in cyber incidents and/or data breaches, which is exposing consumer data by the millions. Additionally, some companies sell their customer’s information, which may prove troublesome without proper disclosure and leave the organizations open to lawsuits.
This is why privacy security regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), have come to pass. Both aim to protect the consumers’ personal data with a set of compliance guidelines.
More on the CCPA
Under these regulations, consumers have the right to know when a company is collecting their personal data and exactly what pieces of information are being stored. “Personal information” can be defined as anything from email addresses to social security numbers. It can even include geolocation, browsing history, and consumer behaviors. Consumers also have the right to access their info and know if it may be sold by the company. If the company does, indeed, intend to sell the consumer’s data, the consumer has the right to opt out of that transaction. Companies are also expected to offer the same service and rates whether the consumer opts out of data sales or not.
Something important to note about the CCPA, which goes into effect on January 1, 2020, is that it does not only affect business who operate within California. It also applies to companies who market to residents of California. They also need to either have an annual gross revenue of over $25 million, make more than 50% of its revenue from selling consumer data, or participate in any side of consumer data transactions of 50,000 consumers or more per year.
Penalties for companies who operate in violation of the guidelines can reach up to $7,500 per incident. That means that if an organization falls victim to a data breach where thousands of customers’ data is exposed, they stand to owe millions of dollars.
The Impact on IT
The initial worry for the IT industry is that the California law will create chaos within compliance. It has been suggested that each state in the U.S. pass their own iteration of the CCPA, though it is unlikely. That said, each U.S. jurisdiction may pass its own law with specific privacy provisions. If this happens, there may be additional restrictions and requirements. The chaos will come when/if businesses in each state will have to meet compliance standards for every set of state guidelines, with the possibility of running into conflicting rules.
IT will have to begin relying on location services to determine where each user is processing a transaction in each instance. The alternative would be to stop conducting business in markets with states that have complex regulations. This would be a likely option for a small business without the financial resources to hire an agency to determine the rules for each state. Of course, excluding a market would not be ideal and might lead to the beginning of the end of a business. On the opposite side, it could negatively impact those state, leaving them without certain goods or services.
There could be an alternative scenario where the U.S. Congress introduces privacy legislation that would apply to the entire country, and, in effect, preempt state laws. This would make following compliance requirements a much easier task for IT professionals.
Since there is still some time before the CCPA goes into full effect, any number of things could happen to change the implications of the law and impact on the IT industry. Until then, the IT world will be busy preparing for the transition to the new guidelines before the big day in 2020.
About the Author: Victor
Victor brings nearly ten years of enterprise and SMB sales experience in the information technology and software space. Prior to joining Valicom, he served as regional channel sales manager working for one of the industry's largest enterprise labeling software companies. With a focus on great customer service in helping channel partners grow their businesses, Victor joined the Valicom team in late 2015 after relocating to the Madison area. Victor holds a bachelor's degree in Communication from UW-Milwaukee, and when he's not in the office he enjoys exercising, travelling abroad, and spending time with his growing family.