Do you know how secure your private information is online?
Most individuals and companies probably believe there are safeguards in place, but frequent news stories about data hacks and security breaches suggest that not enough is being done to keep private data private.
The state of California decided to do something about it. A new consumer privacy law passed in June of this year, and will go into effect on January 1, 2020. Some legal experts have described it as the strongest law of its kind in the U.S. – however, it is not as strict or as far-reaching as a previous version, which placed even greater restrictions on how and when companies could collect and/or sell a consumer’s personal information.
How is “personal information” defined? In this case it means not just name, email address and Social Security number, but also IP address, geolocation data, shopping, browsing and search histories, and consumer profiles based on inferences from personal information.
In other words, if you buy dog food online, that information cannot be collected and shared with other companies that sell pet-related products, who obviously would prefer to make their pitches to consumers who might be interested.
Typically, consumers are classified by identifiers through “cookies,” which track your online activity. These are invaluable to advertising and technology firms, but the new law gives consumers the right to demand that any such information collected from these cookies be deleted.
In addition, companies that collect cookies will have to secure that data, or face a class-action lawsuit if the information they contain is ever stolen.
Still Not Tough Enough?
To critics, the law is not as strict as The California Consumer Privacy Act of 2018, a previous version that was headed toward a vote in the November election. Unlike that legislation, the new law is vague on personal information that is ‘de-identified’ or incorporated within anonymous audience pools of data. Advertisers will still wish to track how many people click on a particular ad, for instance, and will be allowed to do so as long as they cannot identify individuals by name and email address.
Of course, such restrictions make this data less valuable, as it identifies only trends and not specific potential customers.
The challenge for advertisers will be navigating through a minefield of potential fines, penalties and lawsuits, at a time when almost every kind of data is connected to some other data that can be associated with a specific person.
As Goes California…
Of course, there are no borders on the internet, where millions of individuals and businesses buy and sell products with those in other states and other countries every day.
As a result, the new California law will affect not just California residents, but businesses throughout the country. If a company if required to reconfigure their online systems to treat California IP addresses differently than those from Texas or Delaware, most are likely to just provide the same data sharing opt-out to everyone.
Not surprisingly, the law was not supported by the Internet Association, a group that represents such tech giants as Google, Facebook and Netflix. Representatives claim that the requirements of the bill would be very difficult to implement, and may affect the ability of some companies to do business in California.
Don’t Wait Until 2020
There are still 18 months before the new law goes into effect. But you don’t have to wait that long to get ready.
Security always is and has always been an essential facet of the services provided by 360 BC Group. Through our decades of experience in web design, technology development and hosting services, we understand where vulnerabilities exist, and we integrate security features into every product we build.
Additional measures will be required if this bill passes – 360 is eager to help our clients and any California business make the necessary changes to be in compliance with this new law.