Do you conduct interstate business in the US? Prepare now for CCPA.
The California Consumer Privacy Act was passed in June 2018 and goes into effect in January 2020. Although it’s ostensibly a state law, CCPA is trying to forge a de facto standard for data privacy in the US in the absence of federal legislation. CCPA is similar to GDPR in that it uses economic presence to urge other regions – US states – to adopt similarly high standards. But GDPR and CCPA do have their own requirements and nuances, and a compliance program specifically architected to address GDPR will not necessarily translate. Businesses with interstate operations will need to take a more holistic and less regulation-specific approach to data management and compliance to remain competitively viable.
The analyst firm 451 Research published the report The California Consumer Privacy Act: not just ‘America’s GDPR’ in March 2019. Integris Software is pleased to offer complimentary access to the report to help companies understand and prepare for the requirements of CCPA. Here are a few highlights of the report:
- Data privacy and data protection around the world have reached a tipping point. The EU’s GDPR, in effect since May 2018, has been a model for other countries concerned about consumer privacy protections. Moreover, individuals are becoming more aware and more educated regarding the value and sensitivity of their data.
- How companies handle individuals’ personal data affects consumer trust and confidence in those companies. A recent 451 Research survey shows that 26% of US consumers are less trusting of US businesses than they were one year ago. Significantly, 90% of the survey respondents expressed concern about the ability of the companies they do business with to adequately protect their personal data.
- Most large businesses in the US have California residents as customers, thus pressing the adoption of CCPA’s standards elsewhere in the nation. Other states are in the process of developing their own privacy laws. What could result, in the absence of a federal standard, is disparate privacy requirements in the US, with each state having different protections for its residents.
- GDPR and CCPA have much in common in their core principles, but they also differ significantly in the details. The key for organizations is to tackle core, shared requirements at the architectural data management level and address individual nuances of each regulation with tools higher in the stack only as necessary. Such an approach allows for flexibility amid evolving regulations, and ultimately, cost savings.
- Data privacy and data protection regulations are largely more process-oriented than they are technology-oriented. Investment in platforms that help coordinate processes across various data protection and data privacy stakeholders can especially benefit the business, even when these platforms do not exert direct control on data themselves.
Learn how GDPR and CCPA are similar as well as how they differ. Read the full 451 Research report here.