Add another layer to your #Business literacy. We at Serebral360° would love to know if the Forbes – Entrepreneurs article was helpful, leave a comment, like and share. Let’s dive in and discuss the information and put it to use to grow your business. #BusinessStrategy #ContentMarketing #WebDevelopment #BrandStrategy
Info@serebral360.com 762.333.1807 www.serebral360.com
Grap a copy of our NEW Business Stratgety Books #FFSS VOL1 and #FFSS VOL2
For all of you who have been looking from afar at the impact of the General Data Protection Regulation (GDPR) on companies that do business in Europe and thought, “Well, that won’t affect me much,” please think again.
The California Consumer Privacy Act (CCPA), passed last year, is due to take effect in its current form on January 1, 2020. And, like the GDPR, its effect will stretch far beyond the borders of the Golden State.
Here’s why: The CCPA says if your for-profit company is based or does business in California and meets any one of the following three criteria, you must comply:
• Your company generates gross revenue of more than $25 million a year
• Your company receives or shares personal information of more than 50,000 individuals
• Your business earns at least half of its annual revenue by selling the personal information of California residents
It’s also far more stringent, giving Californians more control over their personal information than virtually any existing law on the books today across the United States. The CCPA says, in part, that “a consumer shall have the right to request that a business delete any personal information about the consumer which the business has collected from the consumer.” It also says that consumers have the right to know what personal information a company has about them, where they got it from, why they have it and with whom they share it. Most importantly, it gives Californians the right to forbid companies to sell their information to third parties. So, even if you’re not based in California, there’s a pretty good chance your firm may be covered if you have customers or employees based there.
The kicker here is the phrase “personal information.” The CCPA, according to the Data Protection Report, “sets a new precedent with its sweeping definition of personal information,” including sites you’ve visited on the internet, your location, even “inferences drawn” that can be used to “create a profile about a consumer reflecting the consumer’s preference, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.”
It, therefore, becomes more important than ever for companies to be able to determine exactly what data they possess about a given person and to determine where it resides. Because if a customer exercises his or her “right to be forgotten,” to have their data deleted, the CCPA could easily end up costing a company millions of dollars in civil penalties and statutory damages. For instance, let’s say your firm is found to have information about 1,000 customers after they’ve requested its removal from your files. If that data is not removed within 30 days after you’ve been notified of your noncompliance, each instance could cost your company $2,500 in civil fines, for a total of $2.5 million. And if the courts find that you held onto the information deliberately, triple that amount.
A code of conduct should also be considered. The code of conduct will help set expectations for the organization, outsourcers and stakeholders. It will also play a crucial role in the development of a crisis management plan for breaches of personal data that addresses regulatory requirements, minimizes impacts and restores customer confidence. Enterprises must understand, however, that sensitive data is almost always present both at rest and in motion within the company. Therefore, understanding data sensitivity, along with a code of conduct, will help organizations in developing and enhancing their data protection strategies.
The good news is that there’s still time to take the necessary steps to achieve compliance with CCPA by January 2020. Start preparing now!
July 10, 2019 at 08:02AM
Forbes – Entrepreneurs