The California Consumer Privacy Act, passed into law in 2018, is scheduled to go into effect in January 2020. It could have dire consequences for unprepared businesses, especially when their customers demand to be forgotten.
The new law affects everyone from internet service providers to mom-and-pop shops when it comes to privacy, data retention and compliance regulations. Failure to comply with the pending CCPA regulations can result in massive fines, similar to the recent General Data Protection Regulation (GDPR) fines levied against Google in the European Union. However, there are steps that organizations can take to ensure compliance while protecting consumer data, referred to as personally identifiable information (PII) or personal health information (PHI).
Companies looking to capitalize on the ever-shifting privacy landscape can maximize this opportunity by asking not just how, but why. The reasons that necessitated the CCPA are similar to those that brought about its predecessors, GDPR for Europeans and PIPEDA for Canadians: governments are drafting laws that aim to hold organizations accountable for safely storing and protecting consumer data. The requirements of these regulations range from the now-expected cookies prompt on websites to the use of pseudonyms when storing the data volunteered by consumers.
Another approach for organizations looking to understand the ins and outs of CCPA is to simplify the requirements. There are hundreds of pages of CCPA requirements that can intimidate Fortune 500 companies and small businesses alike. These requirements can be distilled into a few key steps for organizations planning to minimize risks of privacy non-compliance.
- Identify all sources of data within the organization. To secure all data that falls under an organization’s purview, all sources of data flowing into the organization must be understood and documented. This makes it easier to sort the data into the appropriate data storage protocols.
- List who can access the sources of data. Much of the focus on PII / PHI revolves around who has access to that data. By always knowing who has access to PII / PHI, organizations can minimize risks while also gaining more control over internal processes.
- Establish requirements for each data source. Companies should determine the requirements necessary for each source of data. Predetermining data requirements, such as which fields need to have pseudonyms applied, can force organizations to give more thought to the volume and type of data expected, and better understand how best to store it.
- Determine what processes must be changed to comply. A little foresight can go a long way. Organizations examining data processes today can avoid potentially hefty fines for non-compliance when the CCPA goes into effect in 2020.
- Take control of data retention processes. Once companies have taken the proper steps to limit access, establish requirements, and determine processes for storing data, the next step is to take complete control of the data retention process. Establishing and maintaining control of data is the ultimate compliance goal for organizations that fall under jurisdiction of CCPA or GDPR. Additionally, there are vendors who offer capabilities such as automation and enhanced searchability of data retention.
There is no time like the present for organizations to start taking steps to ensure CCPA compliance. Often the most time-consuming part of the process is determining what steps are needed and who is best qualified to understand and overhaul data retention processes. Get a head start on understanding the 2020 requirements and take action before it’s too late.
Chris Jordan is CEO and co-founder of Fluency Security (www.fluencysecurity.com), a security audit and automation technology firm that uses artificial intelligence to retain and organize data to meet regulations and support investigations in seconds.
BroadbandBreakfast.com accepts commentary from informed observers of the broadband scene. Please send pieces to firstname.lastname@example.org. The views reflected in Expert Opinion pieces do not necessarily reflect the views of BroadbandBreakfast.com and Breakfast Media LLC.