On June 28, 2018, the California Consumer Privacy Act (CCPA) was passed and signed into law by California’s governor. Businesses who have ANY customers in California will have to comply with these new standards. With an effective date of January 1st, 2020, this gives businesses who have customers in California a little over 1 year to prepare for these new standards.
The CCPA has many of the same principals as the EU’s famous General Data Protection Regulation. These include the right for consumers to know what data companies have on them, how that data is being used, the right to delete that data, and the obligation of the business to appropriately safeguard that data from a data breach.
Companies that underwent a GDPR program, and have implemented procedures and processes to meet this obligation continually, will be in excellent shape for the CCPA. However, many U.S. based companies who thought they would not be impacted by GDPR are now in the position where it will no longer be optional to comply with these privacy obligations now that CCPA is in the United States, and California being the largest state, almost all business of scale have at least one customer in California. Additionally, other states are already starting the processes of adding data privacy regulations and it is likely that a federal law will be in place in the coming years.
These obligations are too important to handle outside standardized systems and processes. A scattered approach using email, spreadsheets, and documents is a surefire way to ensure that a company is not well-positioned to protect the privacy rights of data subjects. Additionally, these are not one and done assessments – they are continual obligations to ensure the privacy rights of data subjects.
Enterprises can ensure they meet these obligations, and any future privacy obligations, by investing in risk management systems to run their privacy programs. A system will provide scalability, consistency, and security that is required to meet these ongoing obligations. Learn more about how Fusion can help you manage any privacy program with our combination of software and consulting services on our data protection regulations page.