As I mentioned in the blog post from yesterday, data privacy
is now becoming one of the main de facto standards in the world of
Cybersecurity today. Some of the most well-known
ones in this regard are the GDPR and the CCPA.
But, as I was perusing the Cyber news headlines this morning, I came
across an article which discusses how California is about to set a new version
of its current CCPA.
So far, it only has the status of a proposed bill, and it is entitled the
“California Delete Act”. It is geared primarily
towards the data brokers that collect large amounts of consumer data, but don’t
vet what is collected to protect the privacy of the consumer. While the CCPA gives you the power to have data
deleted from any company, this new bill will actually give you the ability
to delete this data on your own authority.
The exact wording of the bill can be seen at this link:
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202320240SB362
The details on the privacy risks that are brought on by the data
brokers can be seen at this link:
https://www.darkreading.com/risk/the-danger-of-online-data-brokers
Some of the provisions of the proposed bill include the
following:
* Require that all data brokers that collect data from California-based consumers register with the CCPA.
* Provide opt-out procedures for consumers.
* Keep a public listing of all of the consumers that want to have their data deleted.
* In a manner similar to the “Do Not Call List”, provide a “No Consumer Tracking List”.
In order to facilitate these provisions in a quick manner,
all data brokers will be required to maintain an online portal where consumers
can log in and immediately delete any data they want to.
Some of the FAQs so far are as follows:
1) Will this bill pass?
It is expected that it will pass by a wide margin, given that data privacy is such a hot topic issue today.
2) How will it impact the data brokerage industry?
If this bill does indeed pass, it will be the first warning of its kind to the industry that they need to keep their guard up for any data leakages that could potentially happen. They will also be audited, and fined $200 per day per affected consumer until the proper remediations and controls have been established.
3) How will compliance be enforced?
This is the part where there will be the most controversy. If the bill passes, the state of California simply will not have all of the manpower that it needs to enforce each and every provision for every data broker. This means that the industry will have to be on the honor system. The only compliance efforts that will happen will come from the office of the Attorney General, and just like for the CCPA, this will only happen if there are a large number of complaints from the consumers.
My Thoughts On This:
Believe it or not, it was the passage of the CCPA that was
the catalyst for the other states to create their own data privacy laws. Once this new bill passes and becomes law, it
is expected that the same will also happen.
But the problem now is that you are going to have fifty states with their
own delete and opt-out laws, which can be a nightmare for businesses to come
into compliance with.
This is made only worse if they transact business in other
states. There will be a huge cost that
will be borne to keep up with compliance, and this could even shut some
businesses down, especially the SMBs. Because
of this, Congress has even looked into creating a federal version of the
proposed California bill, so that there will be a sense of uniformity.
The details of this can be seen at the link below:
https://www.congress.gov/bill/117th-congress/senate-bill/3627
All of this reaffirms my belief yet again that the
United States needs a Department of Cybersecurity, so that any laws or bills
will impact everybody across all of the fifty states in the same manner,
nothing more and nothing less. In fact, I
will be writing a whitepaper on this very topic, so stay tuned!!!