Firms Must Prepare For CCPA ComplianceAugust 13, 2019
The California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020, signals a major shift in the way that the United States and allied economic powers treat consumer data protection and privacy. For many years, the government’s primary focus was protecting data and shoring up authorization practices. This led to multiple innovations in the way of technology and tactics to optimize data access and control. However, it meant that until recently, the government was focused on ensuring authorized access, but was less concerned with regulating usage after authorized access.
With CCPA, the United States is aligning more closely with a growing global trend towards better governing the use of data and providing consumers with the ability to determine and direct the use of their data. Coupled with increased regulatory sensitivity toward consumer data, shifting consumer expectations should serve as an early indicator for financial institutions that hardening perimeters and deploying rigorous access control is no longer going to suffice – data element level management and governance is necessary to enable appropriate usage.
Q2 hedge fund letters, conference, scoops etc
Global Shift Toward Governing Data Usage
Governments and regulatory bodies around the world have begun to make strides toward regulating appropriate usage of data to add to existing regulations around safeguarding data. The most restrictive current law in existence is the EU’s General Data Protection Regulation (GDPR), a regulation that strengthens and unifies privacy protection across the region and imposes fines upon an organization – up to 4% of the company’s annual global revenue – for breaches that occur.
The U.S. has a number of current and proposed laws that parallel this global trend, currently emerging on a state-by-state basis and applying only to companies that do business in that state and/or process data of state residents. At recent count, 14 states had some legislation underway on data protection and privacy, which broadly address four major themes:
- Data Protection. Cover, at a minimum, direct information collected about consumers.
- Transparency and the Right to Know. What information will be collected about consumers, where it is collected from, why it is being collected, and how will it be shared.
- Consumer autonomy. Extend consumers’ autonomy over the use of their data.
- Obligations for safeguarding consumer data, including cybersecurity risk management, breach reporting, multifactor authentication, and access limitations.
Eight Steps to CCPA Readiness
As the regulatory landscape shifts towards governing data usage, businesses should begin to integrate privacy into all facets of their business, from internal items like strategy,