CCPA changes privacy as we know it: Here’s why
On January the 1st, 2020 the United States will put more pressure on businesses and 3rd parties to handle consumer data with much more needed care and by doing so, joins the club of privacy conscious regions around the globe. This is all thanks to having the California Consumer Privacy Act (CCPA) fully come into force.
Members of the club already consist of: the European Union with the General Data Protection Regulation (GDPR),the United Kingdom with the Data Protection Act (DPA), Australia with the Data Protection Amendment Act (DPAA), Singapore with the Data Protection Regulation of Singapore (DPR), Macau with the Cybersecurity Law of Macau (CLM), and the list just goes on.
All these regulations are in effect to modernize personal data collection and processing while putting greater emphasis on data subject privacy. All the enlisted regulations have three things in common:
1, Defining what is considered to be personal data.
2, Describing the rights of data subjects and the responsibilities of data controllers / processors.
3, Providing guidelines on how organizations should secure personal data and what to do in the event of a data breach.
The same, but different
In terms of its content, the CCPA adds nothing extremely new to the table. It talks about user rights such as the right for erasure, the right for consent and the right to opt out. Sound familiar? One might say that it is rather similar to the other privacy regulations, which is not far from the truth. What makes this one significant is more the region it applies to. With this regulation the US, one of the largest global regions, admits that online privacy is critically important and should be addressed. Once the CCPA comes into force something much bigger will follow.
Global standardization in the making
By having so many highly similar privacy regulations accepted on a global scale, this simple modernization attempt can easily shift to a standardization effort. Whenever something becomes a standard it will require everyone to do things the same way.
A good example for standardization is when the USB port first appeared. Back in the day, computers had to use specific ports for every extension e.g.: mouse, keyboard, printer and so on. But since this was standardized, all these devices can be connected using the same port. What is happening now is quite similar, but it is happening to the processes used during personal data collection, processing and protection.
A glimpse into the future
Standardized personal data management essentially means that every organization will follow the same set of rules, making cross-border and cross-business cooperation much easier. It also creates a foundation for new processes, regulations and technologies to rise from.
Tresorit, a privacy champion company, fully supports the privacy modernization & standardization effort.