California is known for being on the cutting edge of most things, and consumer privacy is one of them. Scheduled to take effect in 2020, the California Consumer Privacy Act gives consumers broader control over how their personal information is used. This was developed in part due to ongoing security breaches that have recently escalated. The new privacy laws in California include disclosures to consumers about how their personal information is collected, stored, transmitted, and shared. The new laws also outline the sharing and selling of certain information without the individuals’ knowledge or consent.
After massive data breaches, such as the Experian beach, consumers were rightfully angry. As outrage grew, it became apparent that changes needed to be made. Private citizens deserved protection. The industry fought back, as the implementation of new privacy regulations was seen as a hardship to companies. This was why the law was delayed. It allowed a period for businesses to organize and develop policies and procedures that would ensure they were compliant by the deadline. Few outside the legal community and the California business community understand what the California Consumer Privacy Policy is, and how it may affect them.
There are several aspects that fall under the category of one’s personal information. Many people would immediately realize that their name, address, and phone number would be among those items. They would also think of their social security number, driver’s license, and/or state identification number.
With a bit more consideration, they might realize personal information includes commercial information like records of their personal property. It covers biometric information, which includes fingerprints retinal scans, and DNA. Under the new law, it also covers things like your Internet use and browsing activity history.
Protected aspects even include more obscure personal information like the sound of your voice and thermal information. How this is to be implemented, and even what one’s thermal information specifically is, will be defined by the Attorney General.
When the new law takes effect, there are several privacy rights that will be guaranteed to the citizens of California of which they had been hitherto deprived. For example, in many companies, it is commonplace to collect the personal data, often relating to consumer purchase patterns, and sell that information to other companies. Under the new law, the consumer has the right to opt out of having their information used in that way. The primary rights provided by California Consumer Privacy Policy are the following:
In many cases, if a company fails to comply, the consumer has the right to bring a lawsuit. This is something that was not available to consumers before.
When first conceived, there were many industry concerns as to how this would affect their ability to actually conduct their businesses. These were primarily raised by smaller companies. To relieve their anxieties, and reduce their disapproval, several modifications were installed. These ensure that larger California businesses receive the brunt of the impact.
There were three “thresholds” that are included. If any one of these three are met, the law applies and the company has to comply to data collection regulations:
If any one of those thresholds is met, even by small companies, the business is subject to the law. Additionally, it impacts companies that are not actually based in California, but meet one of those thresholds while doing business in the state.
There is speculation that, since California often leads the way in policy changes, perhaps other states will begin to implement their own progressive privacy laws. Although it is unlikely to occur right away, an increasing number of areas may begin to see its merits for consumers. They will also note the minimal, if any, impact it has on most companies.
Additionally, as more states develop their own new set of standards, there is likely to be a push for unification. Federal guidelines emulating California’s privacy policy may be put into effect. This would make compliance, especially among companies with interests in multiple states, much easier to achieve.
Currently, California businesses are required to at least have a privacy policy that includes data collection and information regulations. They must also maintain reasonable security for the personal information of consumers. These include efforts to avoid breaches, but requirements to notify individuals of breaches within a certain length of time when social security numbers, banking, and credit card information have been stolen by cyber thieves.
The new law will clarify, expand, and enhance these regulations. Perhaps, in time, these safeguards will be in place throughout the United States. Until then, it’s important for all individuals to do their best to protect their private information from cyber criminals.