Digital Journal reports on consumer awareness of the California Consumer Privacy Act (CCPA), which goes into effect in 242 days; the numbers are dismal. Even though CCPA provides data protection standards close to the EU’s General Data Protection Regulation, which Mercator Advisory Group covered here, 46% of U.S. employees were unfamiliar with this sweeping regulation.
The protections afforded to Californians, who constitute 10% of the US population, have wide-ranging impacts on many businesses, with a particular focus on payment cards. DJ reports:
- The survey found that in relation to the new act’s credit card information guidelines, 58 percent of business employees said they had not heard of the privacy requirements which are based on a global set of payment card industry (PCI) guidelines that govern how credit card information is handled.
- In terms of cybercrime reporting, the poll showed that 12 percent of employees said they were unsure if they should report a cybercriminal stealing sensitive client data while at work. Theft of login credentials was considered the most serious threat to sensitive data, with disgruntled employees stealing data and phishing emails coming next.
But the numbers get worse when you look at how well businesses are prepared to comply. Fortune magazine reports that business recognition is just as bad, in an article entitled “Most Companies Aren’t Ready for California’s Tough New Privacy Law”:
- The results show that 86% of respondents have not completed preparations to be compliant with the new California law. Companies will have to create complex tools that will identify the data they collect, organize it, and give consumers easy-to-use technology to delete it.
- The survey results are based on responses from 250 professionals, who are at least partially responsible for privacy matters at companies with 500 or more employees. The questions related to their preparations for California’s new law, which could impose penalties up to $7,500 per infraction for companies that fail to comply.
King & Spalding, a top U.S. law firm, summarizes the scope of the law in a detailed review at JDSupra:
- The CCPA applies broadly both in terms of who and what is covered: the definition of “personal information” (that is, information that can reasonably be linked to a “consumer” or “household”) is uniquely expansive, and virtually all companies of substantial size who do business in California would be covered. The CCPA applies to all information about a consumer—not just electronic information.
- Consumers’ new rights include learning what specific information companies have collected about them over the preceding year and why, accessing or requesting the deletion of the information, and opting out of the sale of information.
This is not California Dreaming. Non-compliance with data security standards brings large penalties. Ask Mark Zuckerberg, as Facebook faces fines estimated at between $3 and $5 billion, according to CNN.
Overview by Brian Riley, Director, Credit Advisory Service at Mercator Advisory Group