California has put forward new regulations that will establish the ways in which the US state’s new privacy law, the California Consumer Privacy Act (CCPA) will be enforced.
The CCPA is a ground-breaking new legislative framework on the US data privacy landscape, set to come into effect on the 1st January 2020. Taking inspiration from the EU’s General Data Protection Regulation, the new laws are designed to give consumers enhanced control regarding how private enterprises collect, store and share personal data.
The CCPA represents the strongest data protection stance yet taken by a US state, with regulations for its upholding released by California’s Attorney General Xavier Becerra during a recent press conference.
Under the new laws, citizens will be able to ask for the data held on them to be erased, have say on how their data is handled and decide whether they want their information to be sold to a third party.
The regulations would also oblige businesses to comply with a “Do Not Sell” link built into websites, and to view consumer choices made in privacy settings as valid opt-out requests. Firms that process personal data for more than 4 million consumers will have to adhere to additional standards.
According to the Attorney General’s office, companies will have to spend between $467 million and $16.5 billion between 2020 and 2030 as they align with the regulatory requirements. Moreover, the regulations will also help to safeguard over $12bn worth of data that goes into advertising annually.
The privacy law was passed in last year following a number of high profile scandals that rocked the giants of Silicon Valley; Facebook and Google were among those to be hit by major data breaches which continue to draw global attention to ethics and standards within data handling in the US.
At the press conference, Becerra said:
“Americans should not have to give up their privacy to live and thrive in this digital age. It should not come as a surprise then that California is the state to take on this challenge.”
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/