A great deal has been written about the GDPR and CCPA privacy laws, both of which includes a “right to be forgotten.” The right to be forgotten is an idea that was put into practice in the European Union (EU) in May 2018 with the General Data Privacy Regulation (GDPR).
Various government privacy regulations, including GDPR, CCPA, various state regulations, and the draft federal privacy bill currently in Congress (the Consumer Data Protection Act) all include some form of the right to data erasure, otherwise known as the right to be forgotten. Because the regulations don’t specify the specifics behind the right to data erasure, some are questioning what this right means when considering PI deletion. The purpose behind this particular privacy requirement needs to be better understood as to what the regulatory authority was actually trying to accomplish.
Subscribe to the blog and get instant access to the crucial steps to ensure your cloud-based Office 365 migration goes smoothly.
The California Consumer privacy Act (CCPA) was passed last year (2018) with an effective date of January 1, 2020 – assuming no federal actions (check out the blog titled “Will the New California Consumer Privacy Act Stand?” for potential federal actions.)
In June 2018, California passed a new regulation titled the California Consumer Privacy Act (CCPA). Scheduled to go into effect in 2020, this new privacy law goes much further than any other federal or state law – being compared to the recently released GDPR EU privacy regulation. A big difference in the CCPA is the concept of presumed damages - meaning the new law makes it possible to make a claim against a company who has put a consumer’s personal information at risk based on the exposure alone, regardless of whether the claimants can show that the incident resulted in actual damages. However, the bigger question is how the law will affect other states, the federal government, and companies doing business with California residents.
Make no mistake about it, California has passed a digital privacy law that impacts the national and global economy and represents a seismic change for compliance procedures in the US in much the same way that GDPR has changed privacy rules. Not only because California has the fifth largest GDP on the planet, but because of the simple fact that companies are not likely to create dual systems of mapping and processes to differentiate between Californians and its other customers.
At the end of June, California's legislature passed a new privacy law that in effect implements the strongest privacy controls of any state in the U.S. The new law provides a series of new rights to California’s consumers over how their personal data is collected, used, and sold. The new law will come into effect on January 1, 2020, however, on January 1 2020, California citizens will be able to request all data about them going back 12 months, or January 1, 2019.