Three Questions to Ask Yourself Now that CCPA is Here
Posted in Company on Jul 07, 2020
While the U.S. federal government continues to drag its feet, individual states have taken action to ensure tighter consumer data privacy.
The California Consumer Privacy Act is enforceable by the California Attorney General's office as of July 1st, and the legislation has raised the bar in the US to GDPR-level standards (and beyond), even as New York and other states, such as Washington, are working on even tighter laws.
There’s been – and will likely continue to be - significant pushback from attention merchants like Facebook and Google to these initiatives. These are companies whose troves of non-consensually gathered behavioral and personal data fuel a $76 billion personal data economy in the US alone – so their objections were predictable.
Yet California and New York legislators have the right idea. GDPR has largely had the expected effect of reining in the consumer data free-for-all that the US is still experiencing.
And having run a jointly UK/US based company through the advent of GDPR, I can definitely say that it’s survivable. We prepared ourselves through planning, careful execution and long-term strategy – and made the transition to GDPR just fine.
That said, no legislation is perfect. Since its implementation, a number of serious and unintended GDPR consequences have come to light. To avoid these, companies subject to CCPA should be asking themselves:
Who has Data Sovereignty?
Where personal data is stored became important under GDPR, and promises to become a real challenge when Brexit goes through. Under the CCPA, ask yourself if you need to limit your cloud footprint to only approved regions to ensure data sovereignty requirements are met.
Is there Data Portability?
One of the more glaring differences between the CCPA and the GDPR is the issue of data portability. Since the CCPA merges the right to access with the right to data portability, ask yourself if you can move it before you store it. Sifting through massive data lakes to find personal identifiable information is the just the first challenge – getting into a readily portable format is a whole other story.
How will Legal Loopholes Affect You?
One of the key stumbling blocks of any legislation is how it holds up in the real world and especially the courts. GDPR, for example, has actually been exploited in litigation discovery to facilitate the de facto violation of privacy. Ask yourself whether you’ve got the legal team in place to help you prepare for the inevitable complications associated with what is still an evolving legal playing field.
The Bottom Line
If your company isn’t ready for CCPA, you’re not alone. A recent study found only 12% of respondent companies had reached an “adequate state of compliance” to the law, and that 38% of non-compliant companies would need 12 months or longer to attain compliance – well beyond today’s enforcement of the law. Start your CCPA journey by asking questions so you are not only compliant but also prepared for the inevitable changes yet to come in the privacy arena.
About the author
Van Diamandakis, SVP of Marketing, WANdisco
Van is a proven Silicon Valley technology executive with over 25 years of operational experience that draws upon his track record leading global marketing transformations, driving to meaningful financial events including IPOs and acquisitions. Van has been at the forefront of B2B technology marketing and brings a unique ability to marry creativity, data, technology and leadership skills to rapidly build brand equity and successfully navigate tech companies through inflection points, accelerating revenue growth and valuation.