Data privacy is nothing new. Keeping your personal information out of the wrong hands has always been important. That’s why people lock file cabinets or rent safety deposit boxes at their banks.
In today’s digital age, that personal information is not only stored in these locked places, but it is also digitized. We bank and shop online, our medical information is stored in healthcare databases, we engage in social media, text message on mobile phones, and communicate through email. These practices and others have resulted in data privacy taking on greater importance.
New Data Privacy Rights
Under the most sweeping data privacy law in the U.S., California residents can now ask to see what personal information businesses operating in the state have compiled on them. The California Consumer Privacy Act (CCPA), which took effect on January 1, grants a series of new rights to consumers in the Golden State.
They can now ask businesses that meet certain requirements, such as:
- Have $25 million or more in annual revenue; or
- Possess the personal data of more than 50,000 consumers, households or devices; or
- Earn more than half of their annual revenue selling consumer personal data

to provide a detailed listing of all information stored within their information systems. In addition, California residents can opt out of the sale of their personal information and request that the businesses delete all personal information from their systems.
CCPA Business Obligations
Businesses located inside and outside California have been scrambling to become compliant so they can continue to do business in the most populous state in the country and avoid the penalties and fines associated with non-compliance. netlogx is assisting one such company, an Indiana insurance firm that is subject to this new data privacy act. We are identifying and mapping its policy holders’ personal information, which is being stored in numerous company databases.
This data mapping exercise involves reviewing where this data resides at rest, how and where it is transferred, who has access to it, and what it is used for. This knowledge has given the company the ability to comply with the required personal data access requests from California policy holders.
Helping our client comply with CCPA was the initial objective of netlogx’ data mapping engagement. It has since evolved to identifying all insurance customers’ personal information, regardless of their state of residence. This insurance firm wants to be proactive, anticipating that more state or federal data privacy regulations will be forthcoming, as well as documenting and developing a more robust security environment.
Under the CCPA, businesses can be fined $2,500 per violation, or $7,500 if the violation is found to be intentional. These fines could become very costly, especially if the violations affect large groups of California consumers.
If you believe your company is at risk for not being CCPA compliant, please contact netlogx for a consultation at [email protected].