The Spread of Privacy Legislation

Businesses can no longer ignore the ethical and technical requirements of consumer privacy. With new privacy legislation and acts coming out of U.S. states and countries, non-compliance is a recipe for stiff fines and even public vilification.

Companies shouldn’t have to be forced into privacy compliance. They should want to opt in of their own accord. Complying is a matter of integrity, and it shows ethical responsibility.

In this article, we’ll look at the spread of privacy legislation and how businesses can adapt to increasing privacy requirements.

California Consumer Privacy Act (CCPA)

The CCPA is similar to the EU’s GDPR, which took effect in the spring of 2018. As you might have guessed, CCPA is specific to California. It protects residents of the state. However, since virtually everyone in the U.S. and the world does business with California, everyone's business will need to comply with CCPA. Businesses that do not comply with CCPA can be sued by individuals for $750 per incident. CCPA doesn’t go live until 2020.

Some considerations for businesses are to ensure that not only is your business compliant but also any vendors and partners. For businesses that store personal data on their servers, the task of compliance will be far more involved. Hiring a consultant is certainly worth contemplating.

As CCPA pertains only to California residents, creating a system just for CCPA and another for everyone else is an option, although an expensive one. More states have privacy acts in the works. Going down the road of creating a system for each state is impractical. It is likely that most privacy regulations will have a common ground, as is the case with CCPA and GDPR. This common ground will help to ease the technological and cost burdens on businesses.

California is the first U.S. state to implement a privacy act. However, other states are taking steps and following California’s lead, including Hawaii, Maryland, Massachusetts, Mississippi, and New Mexico.

General Data Protection Regulation (GDPR)

GDPR was the first major privacy legislation implemented for any nation or region. GDPR is the European Union’s consumer privacy legislation. It allows EU members more control over their data. Businesses must inform EU members of any list those members are subscribed to and how their data is or will be used. Businesses must ensure that user data is used as stated on the business’ website.

GDPR fines for non-compliance can total 4% of a business’ annual turnover. Cambridge Analytica was fined €500,000, but only because GDPR was implemented after the Facebook-Analytica data scandal occurred. Google was not so lucky. It was sued for €50 million by a French firm for not being transparent about how advertising data was being used. That case became the first major GDPR fine for 2019.

GDPR and now CCPA have shown other countries that privacy legislation isn’t just a gimmick. Japan, Brazil, South Korea, and India all have privacy legislation in the works.

Differences Between GDPR and CCPA

CCPA took a few cues from GDPR, but there are some differences between the two. CCPA is more detailed about the use of PII (personally identifiable information), especially when it comes to biometrics.

With CCPA, basically, anything that touches consumer data must be disclosed to consumers.

CCPA also forces companies to open up their internal infrastructure more than GDPR. This part of most companies has always been private.

Developing A Privacy Program

Creating a privacy program is time-consuming and will require the input of executives and managers. Storing data on company servers isn’t a bad thing but does require more resources to manage than using third parties (i.e., cloud-based services) and can be more of a liability. Third parties that handle any customer data must be identified. Every third party should have a privacy policy that is at least as compliant as the company’s privacy policy.

A front-facing privacy policy needs to be created as well. To be compliant with GDPR and now CCPA, disclosing all parties involved with customer data and how it is handled is a good place to start with any new privacy policy. The current trend in privacy acts and legislation is to be fully transparent about consumer data. This includes disclosing the names of involved third parties, allowing consumers to control the use of their data, and even letting them delete it or opt out (including opting out of any related third parties).

Such functionality requires a technical implementation that can automatically remove consumer data from your servers and third-party servers. If you don’t have the expertise to put together this type of system, a consultant can help with developing a roadmap and implementation.

Build Customer/Consumer Trust

Adhering to GDPR and CCPA is the minimum, required bar for compliance and for building consumer trust. Going further with transparency will continue to build trust. If you keep in mind that consumers want to know everything that is happening to their data, you likely can’t go wrong by disclosing that information and being sure that you consistently disclose any related changes to your privacy policy.

Please note: Sources are provided for informational and reference purposes only. DeWitt has no vendor affiliations, offers no products, and has no conflicts of interest.
