Saturday, August 5, 2023

How You Can Protect Your Data With The CA Delete Act

 


As I mentioned in the blog post from yesterday, data privacy is now becoming one of the main de facto standards in the world of Cybersecurity today.  Some of the most well-known ones in this regard are the GDPR and the CCPA.  But, as I was perusing the Cyber news headlines this morning, I came across an article which discusses how California is about to set a new version of its current CCPA.

So far, it only has the status of a proposed bill, and it is entitled the “California Delete Act”.  It is geared primarily towards the data brokers that collect large amounts of consumer data, but don’t vet what is collected to protect the privacy of the consumer.  While the CCPA gives you the power to have data deleted from any company, this new bill will actually give you the ability to delete this data on your own authority.

The exact wording of the bill can be seen at this link:

https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202320240SB362

The details on the privacy risks that are brought on by the data brokers can be seen at this link:

https://www.darkreading.com/risk/the-danger-of-online-data-brokers

Some of the provisions of the proposed bill include the following:

* Require that all data brokers that collect data from California-based consumers register with the CCPA.

* Provide opt-out procedures for consumers.

* Keep a public listing of all of the consumers that want to have their data deleted.

* In a manner similar to the “Do Not Call List”, provide a “No Consumer Tracking List”.

In order to facilitate these provisions quickly, all data brokers will be required to maintain an online portal where consumers can log in and immediately delete any data they want to.

Some of the FAQs so far are as follows:

1) Will this bill pass?

It is expected that it will pass by a wide margin, given that data privacy is such a hot-topic issue today.

2) How will it impact the data brokerage industry?

If this bill does indeed pass, it will be the first warning of its kind to the industry that they need to keep their guard up for any data leakages that could potentially happen.  They will also be audited, and fined $200 per day per affected consumer until the proper remediations and controls have been established.

3) How will compliance be enforced?

This is the part where there will be the most controversy.  If the bill passes, the state of California simply will not have all of the manpower that it needs to enforce each and every provision for every data broker.  This means that the industry will have to be on the honor system.  The only compliance efforts that will happen will come from the office of the Attorney General, and just like for the CCPA, this will only happen if there are a large number of complaints from the consumers.

My Thoughts On This:

Believe it or not, it was the passage of the CCPA that was the catalyst for the other states to create their own data privacy laws.  Once this new bill passes and becomes law, it is expected that the same will also happen.  But the problem now is that you are going to have fifty states with their own delete and opt-out laws, which can be a nightmare for businesses to come into compliance with.

This is only made worse if they transact business in other states.  There will be a huge cost to keep up with compliance, and this could even shut some businesses down, especially the SMBs.  Because of this, Congress has even looked into creating a federal version of the proposed California bill, so that there will be a sense of uniformity.

The details of this can be seen at the link below:

https://www.congress.gov/bill/117th-congress/senate-bill/3627

All of this reaffirms my belief yet again that the United States needs a Department of Cybersecurity, so that any laws or bills will impact everybody across all of the fifty states in the same manner, nothing more and nothing less.  In fact, I will be writing a whitepaper on this very topic, so stay tuned!!!
