Compliance with new data privacy regulations
As we discussed recently, the California Consumer Privacy Act (CCPA) is now in enforceable effect. This, despite requests from businesses to delay in light of the current pandemic, as is happening in places like Brazil and India.
Unfortunately, and not surprisingly, we are seeing companies that have fallen behind now having to play a quick game of catch-up. A large majority, in fact: a TrustArc poll shows how as of last month, only 14% of respondents were fully compliant ahead of time, and around the same percentage preparing to begin implementing their new policies. Compared to GDPR, which showed 28% preparation, these low figures are part of what we’re learning to be a trend. Complex new privacy regulations come along, and no matter how much advance notice is given, the majority of organizations will not be ready in time. That’s just how it is. A pandemic certainly doesn’t help matters.
Creating even more concern is the fact that 88% of Californians support the proposed California Privacy Rights Act (CPRA), which will be on the ballot in November and would enact further standards alongside CCPA. The rise in hacks from numerous cybercrime groups, and more and more state-sponsored ones, has in my opinion made the proliferation of these cybersecurity laws more popular among voters.
In order to best meet this succession of challenges, companies that still have work to do must ensure they are capable of providing their customers with the required range of data control measures. That means full comprehension of the data the organization is collecting, where it resides, how it’s being used—and then communicating with their customers transparently. It can be tough to comply with CCPA-like regulations otherwise. If there is pervasive ignorance throughout the organization about proper procedure, data ownership, and lack of collaboration, no progress will be made. If standards aren’t met—or if a firm lies about meeting them—consequences will follow (as mobile gaming firm Miniclip learned when misrepresenting their security status to the FTC).
Who knows, perhaps as more data privacy laws arise, it may become progressively easier to adhere to new ones. Previous experience and acclimation could make a world of difference. Until such time, however, businesses find themselves forced to stay on their toes. It will be interesting to observe the effect CCPA has on both consumer and company behavior going forward.