Are businesses prepared for California’s data privacy act?

The CCPA is set to be the most holistic consumer data protection law in the US. 
31 December 2019

California starts the new year with a new digital privacy law. Source: Shutterstock

Each day, millions of internet users trawl the web, leaving behind a digital footprint that is collected and used by businesses everywhere. Consumer data is used in numerous ways, from showing visitors targeted ads to improving the user experience.

However, a landmark law in California aims to give the state’s residents more autonomy over their data.

Enter the California Consumer Privacy Act (CCPA), which takes into effect next year. This groundbreaking law grants residents of the Golden State the right to demand companies to disclose what information is collected on them and stop them from selling it to other parties.

The CCPA is set to be the most holistic consumer data protection law in the US.

While the legislation has been warmly received by consumers, businesses are now confronted with the challenge of complying with this new law. But it shouldn’t necessarily be met with trepidation, notes Mike Vanderbilt, a cybersecurity expert at Baker Tilly.

“Businesses shouldn’t look at the CCPA as the mess in their basement that they don’t want to clean up. Now is the time for spring cleaning,” he said.

With only a few days to go before the law takes into effect, reports suggest that many businesses are still unprepared to meet the Act.

For instance, a study by Ethyca showed that only 12 percent of companies are confident in fulfilling an “adequate state of compliance”, while close to 40 percent of companies said they would need another 12 months to meet compliance standards.

So how can enterprises better prepare and brace the impact of CCPA with grace? Experts share some nuggets of wisdom.

The CCPA compliance kit  

For enterprises, the first step towards compliance is to add an “opt out” policy on an organization’s website, which puts the company in compliance with some of CCPA’s mandates and sets the tone for their data-privacy program.

However, businesses will need human and technological resources to develop the program and maneuver the project. Elizabeth Gallagher, CRO at Lineate shared in Forbes, “Some businesses may need new technology; depending on how clean and organized their data is, they may need to onboard developers or consultants to make it easier to comply with consumer requests.”

Another industry insider suggests that automation would be essential in helping companies manage requests from a pool of data conscious consumers. By adding automation to the mix, organizations can expect a strong start in streamlining processes and procedures with minimized risks of human errors.

Tom Harrington, Global Industry Market Leader-Insurance at Pegasystems, explained, “Let’s say a certain request makes up 95 percent of the total requests. This means that technology is needed to automate the resolution of this type of data request.”

Furthermore, organizations that adopt automation are investing in a long-term solution to meet a varied and increasing number of regulations that may arise in other states, and possibly the nation. Be it nationwide or international regulations, early adopters with technology integrated into existing systems are laying out strong foundations in data privacy programs.

The push for organizations to adopt technological solutions to comply with the CCPA suggests a new wave of opportunities for the tech ecosystem.

Ethical data management 

CCPA’s push for consumers to have more ownership over the collection and use of their data will push businesses to be creative in enticing consumers to “opt in” for data sharing.

This regulation may drive a new trend in data collection, whereby businesses propose a win-win deal that satisfies both consumers and companies to leverage consumer data for marketing strategies.

Zero-party data is one such strategy; it involves consumers sharing their personal information to brands and marketers in exchange for higher value or more tailored services. Greater adoption of this data collection method will change the dynamics of how brands choose to approach consumers.

The change begins when businesses re-examine their procedures in handling consumer data and where they stand in compliance with CCPA. The data privacy barometer would act as an indicator for organizations in evaluating their standards in managing consumer data and places a high standard when it comes to handling data breaches.

Essentially, the CCPA pushes organizations to think of innovative methods in gathering data by placing consumer rights and value at the core.