The global pandemic continues to affect nearly every aspect of our lives, including data privacy protection. Brazil is the latest country ready to launch data protection and privacy legislation, but the General Data Protection Law scheduled for this month is now on hold, due to economic challenges from Covid-19.
Even the pandemic cannot keep the demand for data privacy protection at bay, however. The way consumer data is stored, shared and utilized is a top concern of Americans. According to a new survey from KPMG, nine out of 10 Americans say businesses and the government hold the responsibility to protect consumer data.
That same majority of Americans also said companies should enact data privacy protection and privacy guidelines and policies, and companies should be held responsible for corporate data breaches.
California is often a leader (or Guinea pig?) when it comes to enacting consumer protection legislation. The California Consumer Privacy Act of 2018 (CCPA) grants privacy rights to residents of California, including:
- The right to know about the personal information a business collects about them and how it is used and shared
- The right to delete personal information collected from them (with some exceptions)
- The right to opt-out of the sale of their personal information
- The right to non-discrimination for exercising their CCPA rights
How does data protection affect my business?
You may think, “OK, my business is not in California, so this doesn’t affect me.” That’s not necessarily accurate.
If your online products or services are sold to residents of California, your for-profit business may be affected by the CCPA. If you meet any of the following, then the CCPA applies to you:
- Have a gross annual revenue of more than $25 million
- Buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices
- Derive 50% or more of their annual revenue from selling California residents’ personal information
Right now, many small companies outside of California do not meet that threshold.
Why should I think about data protection today?
California is often a harbinger of things to come. The CCPA sets a precedent for other states to adopt; and, a federal law covering data privacy protection is not off the table. Plus, the stipulations of the CCPA could change, or new states’ laws may have much different criteria.
The KPMG survey results also state that nine out of 10 Americans believe data protection and privacy rights of the CCPA should be extended to all U.S. citizens, including the right to delete personal data, and the right to know how their data is being used.
It’s best to be prepared. When The General Data Protection Regulation (GDPR) in the EU went into effect a couple years ago, we made sure the marketing programs for our clients were compliant, even if they didn’t meet the GDPR threshold.
For example, we use WordPress for some clients’ websites, and we installed data protection plug-ins. WordPress also utilizes an erase data feature. We bolstered the privacy policies of their websites to meet the guidelines and we added cookie banners as appropriate. Additionally, we reviewed their data collection integrations and made adjustments as needed to ensure they had infrastructure and understanding in place on what needed to be done.