New Consumer Data Protection Laws Call for Security Solutions

Discover why California’s new consumer data protection laws are forcing companies to take extra measures to comply … and why other states are following

California is once again at the forefront of legislation designed to transform the way data is protected, putting more pressure on businesses to have solid data protection policies and tools in place.

In May 2018, California passed the California Consumer Privacy Act (CCPA). The law is a wide-ranging set of protections designed to ensure consumer data and privacy are protected at all levels and phases. In addition to offering protection to the data itself, the CCPA also governs how businesses manage their relationships with their customers. It requires that many types of businesses have policies and procedures in place no later than July 1, 2020. Businesses that do not comply face the risk of noncompliance penalties due to actions by the state Attorney General or private plaintiffs.

How Does the CCPA Protect Consumer Data?

The CCPA covers businesses that meet at least one of the following:

  • More than $25 million in annual gross revenue
  • Earns more than half of its annual revenue by selling personal information to a third party
  • Collects and stores personal information on 50,000 or more consumers, households or devices

Personal information is broadly defined by the CCPA. It includes data that is typically covered by data security legislation, such as account information, email addresses and professional information such as employment history. It also includes some information that is commonly not found in such laws, such as unique identifier records, IP addresses, biometric data, browsing history, search history or engagement with applications, ads or websites.

While the law does not cover publicly available information, it does cover any inferences that can be made from information to create profiles of consumers.

What Do Businesses Need to Do?

To comply with the CCPA, covered businesses need to:

  • If asked, delete any protected information they have collected and have service providers do the same. Some data does not need to be deleted, such as that needed to complete a transaction or identify fraud.
  • Identify the categories of information that they sell to third parties and how that information lines up with categories the third parties have.
  • Provide consumers with detailed information, via email or mail for free, no more than twice annually, including:
    • In what categories the business has collected information
    • The categories that define the sources of that collected information
    • The information itself
  • Provide notification to consumers if their information is going to be sold to a third party and a means by which consumers can opt out of having their information sold to a third party
  • Not discriminate against consumers who choose to exercise their rights
  • Post California-specific notices about privacy rights on their websites

Is California the Only State with Consumer Data Privacy Laws?

No. All 50 states have laws covering data breaches. And in 2019, more than half the states considered consumer data privacy legislation. Many did not make it through the legislative session, but Maine and Nevada passed rules similar to California's.

What Does This Mean for My Business?

With more states passing legislation regarding consumer data, businesses need to be ever-vigilant. At BlueHat Cyber, we offer compliance audits and enterprise security solutions to help your business remain in the clear. To learn more, schedule an initial consultation today.
