When it comes to compliance and data privacy, ignorance is not bliss. Today’s businesses must be aware of the regulations that govern them or risk incurring significant, potentially crippling penalties.
From the California Consumer Privacy Act (CCPA) to the latest bills introduced across the country, legislative and compliance expert Bill Tolson explores the ins and outs of U.S. data privacy laws and how they affect enterprise organizations.
The tech giants that the CCPA attempted to target were able to escape liability by capitalizing on a convenient loophole that excluded data analytics from the definition of a sale. New CCPA enforcement letters could have major implications for the broader data ecosystem —
third-party data may disappear as we know it. The time has come to provide consumers with value for opting in.
On March 17, California officials announced the establishment of the five-member inaugural board for the California Privacy Protection Agency (CPPA). The CPPA was established by the California Privacy Rights Act (CPRA), which California voters approved in the November election. The CPPA will take over rulemaking duties from the California Attorney General’s office and will administratively enforce the CPRA. Given that California has the world’s fifth largest economy, the CPPA has the potential to be one of the most important data privacy authorities in the world.
On March 15, 2021, the California Attorney General’s office announced that the Office of Administrative Law has approved the Attorney General’s proposed changes to the CCPA regulations. The new regulations make three general changes relating to the right to opt out of sales and one change to authorized agent requests. In addition, the Attorney General’s press release reaffirms that enforcement activities are proceeding.
Regardless of industry, no company can escape the widespread reach and impact of data. Whether a company is collecting account information from customers or aggregating platform usage data, handling large amounts of data has become the norm. While this creates boundless new opportunities for businesses in analytics and real-time decisioning, it also introduces new risks that organizations need to consider and prevent where possible.