On January 1, 2020, the California Consumer Privacy Act (CCPA) went into effect. Called “the first consumer privacy act in the country” by local legislators, this new law extends protections to the data consumers provide businesses.
California lawmakers and tech companies have debated the specifics of the CCPA for nearly a year. In June 2020, after three rounds of revision, the California Attorney General (AG) released the final version of the law. Courts began to enforce these regulations in July 2020, so business owners must understand the new expectations.
CCPA PREPARATIONS AND EXPECTATIONS FOR BUSINESS OWNERS
Most businesses in California likely have electronic data on their clients. With the regulations finalized, now is a great time for business owners to examine this data for CCPA compliance, and increase security. Cybersecurity firms recommend businesses take the following steps to secure their client’s information:
- Locate, identify, classify: Companies can first conduct an internal review of data management systems, locating client data and consolidating data. Security personnel should not overlook defunct systems or rarely accessed folders, as they might contain information on older clients. Protected information includes all identifying information, customer records, personal characteristics, purchase history, biometric information, internet activity, geolocation data, employment-related information, education history, and inferences.
- Comply: All protected data will likely require updated permissions and security measures. Business owners can limit employee access to information with role-based controls. If security programs are below standard, companies must invest in improvements.
- Maintenance: Just as more governments increase protections, information thieves devise new tactics. Cybersecurity managers at California companies must remain aware of new and developing technologies and upgrade security measures accordingly.
Companies must also allow consumers to access their information at any time and delete data upon request. Several technology solutions can remedy access issues.
LEGAL COUNSEL CAN REVIEW COMPLIANCE
After July 1, the State of California will begin taking legal action against local businesses not in compliance with the CCPR. Business owners looking for a legal review of their company’s security protocols can reach out to a local lawyer familiar with business law.