How SMBs can prepare for California's new data privacy law

On June 28, 2018, California legislators passed one of the toughest data privacy laws in the country. Targeting tech companies like Amazon, Facebook, Google and Uber, the California Consumer Privacy Act restricts data harvesting practices by requiring businesses to disclose the type of data they collect about consumers. The law only applies to residents of California and allows applicable consumers to opt out of having their information sold to third parties, including advertisers.

The California ruling shares several similarities with the EU's General Data Protection Regulation (GDPR), which went into effect in May. Unlike the GDPR, however, this law doesn't require that consumers opt in to grant companies permission to collect their personal information. The law also doesn't require that companies offer consumers the right to opt out of data collection altogether, although it does allow consumers to request complete deletion of their personal data.

Tech Giants Aren't the Only Targets

While initially designed to focus on curbing how tech giants handle data, any company that does business online and collects personal information will be impacted by the California ruling, even small and medium businesses. Furthermore, companies will face steep fines if they fail to comply. For instance, under the law, consumers have the right to sue companies for up to $750 for every instance of a data breach violation, and state attorneys general can sue companies for intentional violations of privacy at up to $7,500 each.

With the California law slated to go into effect on January 1, 2020, companies have just over one year to prepare. Below are four key considerations small and medium businesses should prioritize during their preparation:

  1. 'Personal data' is loosely defined.

    According to the ruling, any company that grosses at least $25 million annually, shares personal information of 50,000 or more consumers, households or devices for commercial purposes, or makes more than 50 percent of its revenue from selling data is subject to the law. The term 'personal information' is loosely defined, however, so it's critical that small and medium businesses look closely at the data they're collecting to determine if they're liable, even if they aren't meeting the financial thresholds of the law.

To read the full article, head over to IT Security News.
