The California Consumer Privacy Act became law Jan. 1, but the actual process of drafting the regulation continues, with a final version expected before the July 1 enforcement date.
After requests from data privacy and cybersecurity experts for additional clarity in the law, the California Attorney General’s office released some of the first major proposed updates to the CCPA, with implications for both consumers and companies.
One of the more significant proposed updates to the data privacy law is a clearer definition of “personal information” in a new section, “Guidance Regarding the Interpretation of CCPA Definitions.” The key takeaway, according to a VentureBeat article, is whether or not data is classified as personal information will depend on if it is linked--or can be linked--to a consumer or household. The section allows for other definitions essential to understanding and implementing the regulations to be added later.
The proposed updates clarify how consumers will receive opt-out and other data privacy notices, and specify how, and when, companies will deliver a consumer’s request for data. New exceptions to the rule are listed out for businesses, specifically when it comes to responding to a consumer’s request to know what personal information has been collected about them, their children and their devices. Similarly, the update adds some color to when service providers can retain, use, or disclose personal information.
Many companies may struggle to keep pace with the proposed CCPA revisions, and with future regulations. To prepare for these changes, organizations might start by assessing their own data structures and separating what they’re asking of customers from what’s being tracked without consent.
A DigitalCommerce360 article suggests businesses should consider how much of the information they collect is necessary, and will realistically benefit the consumer experience, as opposed to what’s being captured simply for the sake of being captured.
States including New York and Nebraska are moving forward with privacy legislation, as are India and other countries. With data privacy top-of-mind both in the U.S. and abroad, consumers are sure to continue to voice their concerns.
To stay ahead of future data privacy laws and maintain consumer trust, companies will be wise to work toward CCPA compliance. Pursuing a consumer-first approach while prioritizing data organization and data policy transparency could be keys to success.
About the AuthorMore Content by LRN Corporation