On June 28, 2018, California legislators passed one of the toughest data privacy laws in the country. Targeting tech companies like Amazon, Facebook, Google and Uber, the California Consumer Privacy Act restricts data harvesting practices by requiring businesses to disclose the type of data they collect about consumers. The law only applies to residents of California and allows applicable consumers to opt-out of having their information sold to third parties, including advertisers.
The California ruling shares several similarities with the EU's General Data Protection Regulation (GDPR), which went into effect in May. Unlike the GDPR, however, this law doesn't require that consumers opt-in to grant companies permission to collect their personal information. The law also doesn't require that companies offer consumers the right to opt-out of data collection altogether, although it does allow consumers to request complete deletion of their personal data.
Tech Giants Aren't the Only Targets
While initially designed to focus on curbing how tech giants handle data, any company that does business online and collects personal information will be impacted by the California ruling, even small and medium businesses. Furthermore, companies will face steep fines if they fail to comply. For instance, under the law, consumers have the right to sue companies for up to $750 for every instance of a data breach violation, and state attorneys general can sue companies for intentional violations of privacy at up to $7,500 each.
With the California law slated to go into effect on January 1, 2020, companies have just over one year to prepare. Below are four key considerations small and medium businesses should prioritize during their preparation:
To read the full article, head over to IT Security News.