Using Washington State's proposed law as a guide, New York, Texas and many other states are inching their way toward a data privacy law. "Virginia is now just the second state to pass a comprehensive privacy bill. While we're pleased that Virginians will have new privacy rights, legislators should continue working in the next session to strengthen it. This bill has some important privacy provisions, but consumers need more practical options for controlling their data."
A new DataGrail report examined how millions of California consumers are exercising their privacy rights - to access their data, delete their data, and stop the sale of their data to a third-party - according to the CCPA, which went into effect on January 1, 2020. It also underscores that the number of data subject requests companies receive varies wildly, depending on their privacy practices.
SEE: TechRepublic Premium editorial calendar: IT policies, checklists, toolkits, and research for download. The proposition has ardent supporters and detractors on both sides of the online privacy debate, with some saying it was needed to fill loopholes in the landmark California Consumer Privacy Act and others bashing it for not going far enough or reinforcing dangerous practices. Carmen Balber, executive director of Consumer Watchdog, added in another statement that said "Prop 24 enshrines Californians' privacy rights and safeguards them from legislative assault, adds groundbreaking new protections for sensitive information like our race, sexual orientation and location, and creates a European-style privacy agency to protect our rights."
Californians regularly opt-out of companies selling their personal information, with "Do-not-sell" being the most common CCPA right exercised, happening nearly 50% of the time over access and deletion requests, DataGrail's Mid-Year CCPA Trends Report shows. Do-not-sell requests are almost 50% of all DSRs. When CCPA went into effect in January 2020, DataGrail saw people exercise their rights immediately, with a surge of data subject requests going across its platform in January 2020.
According to the survey, 32% of financial organizations have already seen an increase in data subject access rights requests since the CCPA came into force on January 1, 2020. This means that many financial organizations, which are already facing tough times, will need to allocate additional workforce and budget to ensure compliance with the CCPA. Other findings 33% of financial organizations discovered sensitive or regulated customer data outside of designated secure locations.
For businesses preparing to comply with California's new data privacy law, the first challenge is figuring out how much data is covered by the law. Christine Lyon, a partner at Morrison & Foerster and a member of the firm's global privacy and data security group, said that the CCPA establishes a new right that US consumers have never had. She also said that the data protected by the CCPA includes much more than just email address and name.
Through its strategic alliance, Appian and KPMG LLP formally announce a new offering that supports businesses impacted by the CCPA. Built on Appian's low-code automation platform, the offering helps companies quickly and intelligently respond to data privacy requests, while decreasing manual tasks that run the risk of errors. The State of California is one of the first to approve new privacy laws and under the CCPA, consumers have the right to view their personal data collected by a company, delete their data, and opt-out of the sale of their data.
Organizations who plan on manually processing CCPA data subject requests or data subject access requests will spend between $140k - $275k per million consumer records they have in their systems, according to DataGrail. B2C companies should prepare to process approximately 100 to 194 requests per million consumer records each year.
Killi, a consumer-led privacy application, in partnership with 0ptimus Analytics, a data science and technology company, announced the launch of its CCPA compliant audience taxonomy available now in LiveRamp and available for distribution to any global media buying platform. The Killi audience taxonomy is the first user-generated CCPA audiences derived directly from Killi users' opt-in information in which the consumer's participation provides them with a share of the revenue when purchased by a brand or platform.
The Neustar Identity Verification for CCPA and Neustar Identity Resolution for CCPA services enable organizations to fulfill CCPA requests with assurance of risk mitigation in terms of data breaches or fraud as well as non-compliance. While the act provides certain benefits and protections for consumers, it does introduce some risk: fraudsters may make CCPA requests in an effort to acquire sensitive personal information, and organizations with siloed consumer data may unwittingly find themselves out of compliance - and subject to fines - in cases of unmerged or outdated records.