This article originally appeared February 10, 2020 in the Orange County Business Journal.
January 1 signaled the beginning of a new data privacy age in the Golden State, as the California Consumer Privacy Act (CCPA) created tailored regulations for residents and organizations doing business in California or with those located in the state.
These new regulations may be confusing to organizations of any size, but especially to small businesses. Most small business owners haven’t thought about the insurance level or the ramifications of a data breach, yet 75% of data breaches come from small businesses.
While the law went into effect in January, the California Attorney General will likely delay enforcement until July, so it’s never too late to gain a better understanding of new data privacy laws, assess current security measures and implement new policies to ensure future compliance.
Know Your Customers’ Data Rights
The CCPA has a long list of items it defines as Personally Identifiable Information (PII) – which includes everything from name and household information to biometric data and internet activity – and it gives consumers greater control over the collection and use of PII. It’s your organization’s responsibility to have prominent, publicly posted contact information with a path to a Data Privacy Officer who can assist individuals in accessing, updating or removing their personal information, and in opting out of marketing materials and the sale of their data.
You Must Also Hold Your Vendors Accountable
The requirements for data privacy security extend beyond your organization to all the third-party vendors you use in your day-to-day operations. If your customer or employee data is shared with a third party, it’s your responsibility to ensure that the third party complies with all applicable data privacy regulations. To protect your organization, all Service Level Agreements (SLAs) should be updated to reflect your specific data privacy requirements and how your organization expects your customers’ data to be handled.
Sarah Lynn is a Partner in BPM’s IT Security Advisory practice, which helps businesses around the country identify cybersecurity threats, minimize liabilities, prepare for audits and more. She has nearly two decades of advisory experience and has extensive experience assisting clients with data privacy compliance.