What about the effects of the CCPA?
SACRAMENTO – California Attorney General Xavier Becerra announced today that the California Department of Justice will hold six public forums on the California Consumer Privacy Act (CCPA). The forums will provide an initial opportunity for the public to participate in the CCPA rulemaking process. As part of this process, the Department of Justice invites all members of the public to speak at these events.
The CCPA grants consumers new rights with respect to the collection and use of their personal information. Businesses are prohibited from discriminating against consumers for exercising their rights under the CCPA.
As required by the CCPA, the Attorney General must adopt certain regulations on or before July 1, 2020. Effective January 1, 2020, businesses must comply with the CCPA’s key requirements:
The more I read on CCPA, the more confused I get.
I read it's like GDPR but different, but that is qualified with "we probably won't know all the details until January, 2020."
I have also read that the law was put together rapidly to avoid "more stringent" laws.
The current fines associated with this new law seem to be excessive. See this article:
This article goes on to say that most businesses may not be affected by the law.
So you raise a good question... what will the effects of CCPA be?
So if anyone has any opinions/thoughts, would love to have a conversation and maybe do a comparison of different laws (PIPEDA, GDPR, CCPA).
@dcontesti I know there is a lot of conjecture from various sources including IAPP, and this link:
However, you have to subscribe to obtain the full analysis, but may be useful as a starting point.
I see a convergence of both Privacy and Security happening this year, and indeed it is a subject that we may all have to ensure we have a strong grasp of, especially from a Privacy by Design and Security by Design perspective.
I'm willing to discuss it with you, Diana.
The law wasn't necessarily put together rapidly. The method in which Assembly Bill 375 was signed into law was faster than making it a ballot measure for voting. Yes, AB 375 (aka CCPA) is considered by many to be less stringent than what would have otherwise reached ballots. Nonetheless, it's now a law to be enforceable January 1, 2020, giving consumers a private right of action, and on July 1, 2020 for the government.
Most businesses will be impacted by the law even if it only affects their strategic plan or growth trajectory. The businesses that will fall under the law is the gist of your question though, right?
Businesses operating in CA serving CA consumers with either:
1. annual revenue of >$25M,
2. >50,000 data subjects,
3. or 50% revenue derived from selling consumer data.
I'd agree that most businesses will not fall under the law, but I wouldn't say that most wouldn't be affected. Avoiding compliance with the law although your business meets the above factors is also available because the law has exceptions written in. Do you have any questions about exceptions? Such as when a company would not have to comply with a consumer's request to be erased, for example?
@Hartenstein_JD Some very detailed information from yourself. I think as Diana suggested it would be good to compare the various legislation in the same fashion that the Cloud Security Alliance (CSA) provides for various international security information standards as further information is gained and developed.
That's an excellent idea. I would definitely benefit from that as well. @Caute_cautim
I have no connection to this firm, but I think they're onto a great start here with this comparison chart.
@Caute_cautim I agree with you that there will be a convergence between Privacy and Security and it will happen faster than we think (unfortunate for some).
PIPEDA in Canada has been around since 2000 and recently underwent some changes (Nov. 2018).
Great link with lots of great comparisons, definitely helps one understand what is happening.
Here's an article in the Harvard Business Review on Privacy and Security convergence.
New Zealand is about to bring its own Privacy Act into alignment with GDPR. Recent discussions about Blockchain and the use of encryption. So much going on at the moment: