It’s Time for Privacy Pros to Make a Strategic Shift
The importance of effective data privacy can no longer be ignored.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Updated: March 21, 2023
Published: October 30, 2019
You may have heard of the EU’s GDPR (General Data Protection Regulation), but what about the CCPA? That stands for the California Consumer Privacy Act and it’s something every company, despite its size or where it does business, needs to know about.
The CCPA was a bill passed by the state of California legislature, signed into law on June 28, 2018, goes into effect January 1, 2020, and enforcement will begin in July 2020. Similar to the GDPR in the EU, the CCPA grants nearly 40 million California consumers “new rights with respect to the collection of their personal information.” Great for consumers, a little confusing and concerning for businesses who aren’t sure if they’re required to comply.
First, here are just some of the rights the CCPA grants consumers:
Does this mean that every business that has a customer in California has to comply with the CCPA? Not exactly. Businesses are required to comply if they meet just one of the following preconditions:
As long as your business doesn’t check any of the above boxes, you’re off the hook - at least for now. But the question put forth by these proactive governments isn’t what is required to be compliant but what is the responsibility of businesses to its consumers? Good business practices dictate that companies should be seeking "compliance and beyond" by doing more than just the minimum.
We are all consumers. Every one of us has personal information floating out there that we probably would rather be safely protected. It’s a bit unnerving to wonder if our data is being abused, but without many laws in place, we just have to hope it won’t get into the wrong hands. Millions of people aren’t as optimistic. They’ve already been victims of data breaches. For them, it’s too late.
Take, for instance, the Capital One data breach earlier this year where 100 million customers were told their personal data is now compromised. When they filled out forms, created their usernames and passwords, input their data, and searched their site, they had no idea what the bank was doing with all of that data. They didn’t ask and the bank didn’t tell.
Then, there’s the Facebook breach. More than 540 million pieces of users’ personal information was publicly exposed. Just think about what people put on Facebook. Some share more than others, but few realize just how much data Facebook is constantly collecting and sharing about them. They don’t ask. Facebook doesn’t tell.
But it’s not just Facebook that has this data. They allow third-party businesses to have access to your data. Who knows what their privacy policies are, if they even have them. Yet, even as we hear of these breaches, we continue to put our data out there and everywhere, hoping the organizations with whom we do business will somehow safeguard our data. Laws like the CCPA and the GDPR aim to force them and all businesses to do the right thing by their consumers. The regulations may seem like a pain for businesses, but as consumers ourselves, isn’t it the best thing for all of us?
California may be the first U.S. state to put forth such strict consumer privacy rights, but all indications point to more states following suit. If California sets the precedent, here are some of the CCPA regulations that other states are likely to require businesses to comply with in the future:
The clock is ticking. Now is the perfect time to put a plan into place to not only comply with the CCPA and the GDPR, but also to comply with the inevitable privacy laws that will follow. The good news is, once these practices are established, compliance should be much easier, even automatic.
For instance, businesses can place a website cookie consent pop-up box on their website that informs visitors that they use cookies and give them the ability to opt in or opt out. Using a commercial consent management platform, it’s easy to customize the appearance and the language so it’s applicable to the visitor’s geographical location. In this way, no matter which state the visitor resides in, the cookie consent will comply with their state regulations.
Further, tools exist to help businesses streamline their privacy policies and even grade them with a score. These scores can be a great way to advertise how your business puts its money where its mouth is when it comes to protecting consumers’ rights to privacy. The higher the score, the more responsible and proactive the company. Visitors can rest assured they are doing business with a company that meets or exceeds the CCPA, the GDPR, or any state or federal data privacy regulation.
As these privacy standards become more familiar and as more states jump on board, the companies that lead their industry in compliance will have a competitive advantage. Consumers will be able to compare businesses and choose which ones value their rights to privacy and which ones lag behind. As consumers ourselves, which companies would you want to do business with, even if it meant paying a little more? What is your personal data privacy worth? The tolerance for breaches and non-transparency will likely decrease over time.
Businesses who fail to comply will face more than penalties; they risk losing valuable market share they may never recover and they risk losing consumer trust. Rememer, CCPA is just one of many data privacy laws. Good privacy programs abide by and even exceed the requirements of many laws.
Read the definitive guide: California Consumer Privacy Act Guide: Everything You Need to Know
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Matt Davis is a writer at Osano, where he researches and writes about the latest in technology, legislation, and business to spread awareness about the most pressing issues in privacy today. When he’s not writing about data privacy, Matt spends his time exploring Vermont with his dog, Harper; playing piano; and writing short fiction.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.