We always knew that the General Data Protection Regulation was only the beginning. Even though GDPR was passed by the European Union, it affects companies and organizations doing business in European countries. The data breaches and consumer data sales which sparked the creation of GDPR have continued worldwide. It was inevitable that other states and countries would adopt similar measures to protect the data of their private citizens. California is the next to join the party. Starting January 1st, 2020, regulations from the California Consumer Privacy Act of 2018 (officially, AB-375) came into effect. Organizations that neglect guidelines for regulatory compliance face a fine of up to $7,500 for each intentional violation and $2,500 for each unintentional violation. Much like GDPR, this not only covers for-profit California companies but also companies that collect California resident user data. If you think your company doesn’t count because you’re located in another state, you may want to take another look.
How Does the CCPA Work?
The California state legislature passed the California Consumer Privacy Act in late June of 2018. The statute was amended on September 13th of that same year and on October 11th of 2019. The statute is focused on the rights of the citizenry, and the stated intentions of the original bill were to give California residents the right to have more knowledge of, access to, and control of personal data collected by corporations. California was in a unique position to pass this bill specifically because of a long history and robust foundation of consumer protections and privacy rights. While many other states have looked at repurposing the bill’s text for their constituents, the process actually won’t be that simple, not least because any copy of the text in another legislature would be riddled with holes for which California’s established privacy infrastructure has already prepared.
The CCPA applies to any business collecting consumers’ personal data in the state of California. If that business meets at least one additional criterion, it qualifies for the regulations: it has an annual gross revenue of more than $25 million, trades the information of at least 50,000 consumers, or earns more than half of its revenue from trading personal consumer information. Consumer data covered by the CCPA includes expected fields, such as name, postal address, home IP address, and SSN. But it also includes biometric information, geolocation data, AV recordings, and employment records. This is a pretty broad range compared to GDPR and essentially covers every possible datum an organization could have on a user or client.
What Do I Have to Lose by Not Following CCPA Regulatory Requirements?
Technically, the rules regarding data breaches are more lenient and depend on consumers and the AG’s office to file complaints and prosecute, respectively. Businesses do not have to report breaches as they are defined in AB-375. If the AG decides not to take a violation to court, consumers may still file a class action lawsuit. Companies can be sued for $750 per consumer, per incident. They could also be sued for actual damages instead, whichever is greater. Whereas GDPR penalties are based on the company’s annual revenue and so may scale with the size of the business, CCPA scales with the size of the transgression. In other words, the less you secure your data, the more you stand to lose.
How Can My Company Comply with the California Consumer Privacy Act?
While the data type specifications are sweeping, the measures organizations must take to comply are specific and clear. Your company must update its privacy policy to include notification of how users can opt out of personal information use and how they can access their information. To that end, you must also include an opt-out link or form on your website. The rules even instruct you to place this in the footer so that it’s not hard to find on any page and so that companies don’t experience digital marketing strain working it into a pristine header menu.
The CCPA is especially protective of minors. Businesses can only collect personal data of persons under the age of 16 with explicit consent. And this policy becomes stricter concerning persons 13 and under. Furthermore, for customers and users of all ages, the company must implement a means by which persons can request access to their personal data. This includes any sale of that data to third parties. Companies must comply within 30 days of any such request, meaning that archaic data architectures and bureaucratic processes aren’t going to cut it. And if your company is in the middle of containing a breach when these requests come flooding in – let’s just say it will save you time and money paying for an ounce of prevention. Even when the infrastructure is in place, there is no substitute for considerable document security at every level.
What Steps Can I Take To Comply Now?
It is never a bad idea to rethink how you manage consumer data internally. How you create it in its digital form. How you store it. How you share it. Luckily, enterprise content management is exactly that – reimagining document handling and storage. While you may need web design services to add the necessary links and info to your web pages, an up-to-date ECM (and adherence to best practices) will safeguard you from the worst case scenario.
An ECM solution like Contentverse can help you to digitize your entire herd of filing cabinets. Batch processing will speed up that process, and metadata makes documents easier to find at a later date. With a separate security administrator, you can not only limit who can access what but even ensure the management team and other admins are operating within security protocols. The wrong person will never be accessing or checking out a file for which they do not have permissions. With Contentverse’s new Content Sentinel, documents can be securely shared via email link with those outside of the organization. And the double-layered encryption of files protects files even in the remote possibility of outside access due to human error.
The GDPR and CCPA are both frightening to a lot of businesses, but when you consolidate your prevention into a single ECM, they don’t have to be. If you are not already prepared for CCPA regulation, the time is now. Don’t let another day go by putting your users’ data – and your company’s welfare – at risk.