Growing in recent years has been consumers distrust in the methods companies have been gathering, using, and sharing their information. With major laws surrounding ePrivacy being implemented there are a few major trends emerging. On June 18th 2018, the California Consumer Privacy Act (CCPA) was enacted with a plan to come in affect January 2020. Like GDPR, this new law will provide consumers with more control over their data – so it’s time we used what we learned from GDPR.
(1) The right of Californians to know what personal information is being collected about them.
(2) The right of Californians to know whether their personal information is sold or disclosed and to whom.
(3) The right of Californians to say no to the sale of personal information.
(4) The right of Californians to access their personal information.
(5) The right of Californians to equal service and price, even if they exercise their privacy rights.
(SEC. 3. Title 1.81.5)
Essentially, CCPA means that consumers have the right to know the categories and specific information being collected, how it is used, and the right to control or delete it without being treated differently by the business.
So what does this mean in the world of Data Governance?
GDPR has inspired a movement around the world to a new gold standard of data protection. Even if none of their customers are covered by law, most major organizations are ramping up their commitment to data governance – investing in IT solutions that will help them comply with the rules and regulations that carry significant fines and penalties.
Firms have started to embrace the new regulations instead of viewing them as a constraint. A Forrester study of 265 respondents found that:
- 48% of firms have an initial budget for establishing compliance regarding GDPR and ePrivacy of 1M+, with 58% spending 1M+ maintaining compliancy.
- Roughly 66% of firms’ compliancy budgets will be spent on new technology and consulting services.
- Firms are turning to vendors to handle their compliancy needs, particularly privacy certification (44%) & risk management and response technologies (43%).
While there has been a high uptake in data governance practices, businesses around the world have often not been successful or have even failed with their quest for compliancy. Legacy solutions have been proven ineffective, as information is spread far throughout the organization, data is not easily accessible by the right people and the organization generally does not understand the extent of the rules and regulations. A TrustArc study reports:
- By the end of 2018, the percentage of survey respondents expecting to be GDPR-compliant (including those companies already compliant) will be 76% EU, 76% U.K., and 68% U.S. 93% expect to be fully compliant by the end of 2019. (Source: TrustArc)
GDPR materialized back in May, and the numbers reflect the shocking news stories we have been hearing from major companies. This is a sign of what is to come, a Janrain study states:
- 69% of American consumers surveyed would like to see privacy laws like GDPR enacted in the U.S. When asked which of the GDPR provisions they’d most like to see enacted, 38% responded with the ability to control how their data is used while 39% favored the “right to be forgotten” rule. (Source: Janrain)
GDPR was the first step, now CCPA – businesses need to be continuously compliant with the growing laws surrounding the marketplaces of the world. A solid foundation needs to be set in place that allows for the protection of customers’ privacy with the data-sharing capabilities needed to thrive in the new environment.
Organizations need a next generation solution, an all-in-one platform that will allow them to not just handle the new age of Data Governance but thrive in it. Secure data, next gen access governance, and controlled distribution will allow businesses to gain that competitive advantage.
CCPA will be all or nothing, as we learned with GDPR. An organization can’t simply aim to comply with a subset of rules, it must cover them all. Businesses need user-enabled, governance-enabled, up-to-date security for every data point, every time.