Data privacy is important as long as secrets exist, not to be shared with everyone. This is why people place locks on file cabinets and pay for safety deposit boxes to deposit jewelry and valuables, at their banks. With more personal data becoming digitized, and as we increasingly share more data and documents online, ensuring data privacy is being taken very seriously and is of prime importance.
A single company may possess vast reams of personal data belonging to millions of customers and this data is to be kept private so as to protect customer identities and ensure their safety and protection, so that the company’s reputation remains blemishless. This is also why California has just approved the California Consumer Privacy Act of 2018, Cal. Civ. Code 1798.100 et seq. (CCPA), requiring US companies to initiate and implement similar privacy initiatives, which enables California residents unparalleled data privacy rights in USA. The law is effective from January 1, 2020, and all business entities are expected to comply. Internet lawyers like those from revisionlegal.com help businesses to comply with CCPA. A wide range of internet law attorneys can counsel corporates and individuals on a range of Internet-related issues like copyright and DMCA, domain name disputes/theft, trademark issues and unfair competition problems, including compliance with CCPA norms. With the description of what CCPA is expected to do, businesses should comply, if within the scope of the law. Some ways wherein businesses can comply with CCPA:
SCOPE OF THE LAW
All organizations are not subject to CCPA norms as only businesses with gross annual revenues exceeding $25 million, those buying, receiving or selling personal data exceeding 50,000 consumers, households, or devices and businesses deriving 50 % or more annual revenue by selling consumers’ personal information, are affected. For-profit enterprises need not be based in California to be subject to the statute.
IT’S NOT JUST IT
Businesses should have an internal team of legal, business, compliance, and technology experts to assess compliance strategy for addressing implications of CCPA on their businesses and review all similar legislation expected.
REVISE ONLINE POLICY
Start by update of Websites and review employee privacy policy to include details of categories of all the information collected, third parties for data-sharing, and rights of individuals under CCPA. Also look at your non-customer-facing, internal privacy policies and operating procedures also. Policies may be re-drafted to meet specific organization needs so that that these are implementable, enforceable and useful.
DOCUMENT “REASONABLE SECURITY” PRACTICES
Covered businesses must review current information security processes in line with established and approved data security standards like CIS. Companies may ensure proper documentation of controls in place to demonstrate satisfactory security if there is a data breach.
ESTABLISH SUBJECT DATA REQUEST PROCESSES
Companies must prepare intake and actuate consumer access and deletion requests, through a robust data request process. As data privacy is essential for ever-evolving technology, more individuals actively make efforts to ensure that all personal data, relating to the consumer industry, are secured and safe. Any business under the ambit of this new law,should be proactive and ensure that their business remains in compliance. If you are unsure of ramifications, do consult legal experts.