When California became the first state in the US to enact their version of the European GDPR laws to help protect Joe-consumer from corporations with the California Consumer Protection Act (CCPA) – the results have been swift and obvious. LITIGATION!
Consider this law firm’s website tracking CCPA litigation. They outline 16 current actions in flight ranging from Google and Salesforce to Marriott. Like other more civilian laws that take effect – like handicap laws and safety legislation – there is no lack of law firms looking to monetize the CCPA law!!!
What has made this more interesting is the addition of “Prop 24” from the November 2020 election. This change includes:
The proposition enshrines more provisions in California state law, allowing consumers to prevent businesses from sharing their personal data, correct inaccurate personal data, and limit businesses’ usage of “sensitive personal information,” which includes precise geolocation, race, ethnicity, religion, genetic data, private communications, sexual orientation, and specified health information. The Act creates the California Privacy Protection Agency as a dedicated agency to implement and enforce state privacy laws, investigate violations, and assess penalties of violators.The Act also removes the set time period in which businesses can correct violations without penalty, prohibits businesses from holding onto personal data for longer than necessary, triples the maximum fines for violations involving children under the age of 16 (up to $7,500), and authorizes civil penalties for the theft of specified login information.
Where the original provision focused on consumers knowing what a company has and to delete that information, this additions rules around sharing, definition of what is ‘sensitive’, places a retention calendar to the data and placed greater emphasis on protecting minors. It also creates an agency to enforce the law itself.
The law begins to be enforceable on January 1, 2023. Just around the corner when it comes to implementing something of this magnitude around an entire customer corporate strategy
CCPA + Prop 24 is the future driving corporate data governance
If an organization does business with consumers in California, this significantly raises the bar in what has to happen across all corporate data. With over 80% of all information inside an organization buried inside documents and other unstructured systems, what it takes to not just be able to respond to the original CCPA law in effect BUT NOW also add the needs around Prop 24 is a greater imperative for change. The internal labor and external litigation costs will no nothing but GROW!
Platform 3 Solutions is here to bring an understanding of all types of data systems – from the mundane SQL-based to content systems, proprietary data stores and even unraveling network drives and the 1000s of other potential ‘discoverable’ moments when asked for CCPA + Prop 24 certifications. The company has CCPA experience working with some of the largest retailers in the country and they can bring this incremental experience and technology to bring scale and automation in how to make this effort as financially and technical efficient as possible.