The ability to make any use of collected personal data will be severely restricted, much as it already is in the European Union under the General Data Protection Regulation (GDPR). GDPR is one of the most comprehensive data protection laws in the world today. CCPA is considered to be one of the most significant pieces of privacy legislation in the US.
According to Enza Iannopollo, Senior Analyst at Forrester, ‘CCPA is the first of many state level privacy requirements’. CCPA is upon us in less than a year and will give the consumer the option to review what data a company has held about her over the preceding 12 months, which in this case means looking back to 1st Jan 2019. If you are GDPR ready, you can reuse much of the framework. There are significant differences between the two laws, though, according to the Future of Privacy Forum.
If you are running a SaaS company like me, it is critical for us to re-align. Customers are not willing to be the commodity simply because we offer our software for free.
While CCPA and GDPR are similar in how they define some common terms, in the additional protection they give customers under 16, and in the rights to access personal information, they differ in their scope of application, in the limits they place on the nature and extent of data collection, and in their rules on accountability. CCPA focuses on transparency obligations and the requirement for a “Do not sell my personal information” link on the business homepage. It also includes specific provisions on data transfers during mergers and acquisitions.
There will be more to consider as the dates come nearer. We hear very little from the large corporations who are sitting on our data about their plans on compliance.
Links to the articles by Enza Iannopollo and the Future of Privacy Forum are below: