Back in March 2018, more than 50 million Facebook subscribers were shocked to find out that Cambridge Analytica had collected their user information without their consent or knowledge. This data was used for targeted political advertisements to influence the votes during Trump’s presidential campaign.
These actions led to May’s California ballot initiative on data privacy, where supporters collected over 600,000 signatures. But this was not the ideal method of addressing the issue, since ballot initiatives were laborious to improve before implementation, and too complex to amend afterward.
Legislators in California had no choice but to make their move.This measure is known as the California Consumer Privacy Act (CCPA) of 2018 (AB 375) and was spearheaded by Senator Robert Hertzberg and Assemblymember Ed Chau.
On June 28, 2018, the Golden State’s governor signed a data privacy bill to protect the information of people who use technology by imposing regulations concerning sharing, usage, and collecting of private data over the internet.
Starting January 1, 2020, this policy will give consumers the right to demand that companies disclose the categories of information they collect about their customers, the third parties that have access to this content, and the purpose of data collection.
Who are affected by this new policy?
Companies that meet the following criteria are subject to compliance with the CCPA:
- 50% or more of the firm’s yearly revenue is taken from selling the personal data of consumers;
- annually receives and shares the private data of at least 50,000 devices, households, or customers; and
- has a yearly gross revenue of at least $25 million.
What legal rights does this act grant consumers?
Lawmakers have released a simple summary of what the CCPA is about by introducing Californians to new data protections, which cover the following:
- Consumers can reject the sale of their personal information.
- Consumers can get a notice that their sensitive information is being collected.
- CCPA expressly provides that contract provisions are void if businesses pretend to waive or limit a user’s privacy rights and enforcement remedies under the Act.
What does this law require businesses to do when retaining data and informing customers?
Most of the provisions in the CCPA involve complying with customer requests for their private data. Companies must:
- Prevent discrimination. Businesses cannot deny services or ask for an incentive if they provide privacy rights to consumers.
- Deliver and disclose private data as requested by consumers without charging a fee. However, enterprises are not required to hand over sensitive data if consumers request it more than two times within 12 months.
- Inform customers prior to data collection what types of sensitive data will be collected and what business purposes they will serve.
- Delete the collected data if the customer requests it unless it violates the right to free speech or other rights provided by law.
Keep your business compliant with the help of an MSP.
Working with a reputable managed IT services provider (MSP) will have numerous benefits for your company, including compliance with any data privacy laws. Hiring professionals to analyze the state of your IT equipment and workflows can reveal areas for improvement and increased ROI.
Zeta Sky offers cloud desktop solutions for customers in Rancho Cucamonga, Ontario, and Riverside. We go above and beyond to keep all aspects of your IT infrastructure optimized and working efficiently. Contact us today for a complimentary consultation.
