It’s past your bedtime. Do you know where your private personal data is? Do you know who has access to that data? Your answers are probably ‘No’. That’s because you’ve handed over a lot of private data to service providers on the internet and trusted that they’re protecting you and that data. Recent events have shown that’s not always the case and a new law in California aims to fix that.
New legislation will add significant privacy protections for Californians and place new burdens on businesses. While the new legislation applies only to residents of California, most businesses will have customers in the state and do collect some level of private information from customers, so this legislation has broad implications for marketers even outside the state.
Earlier this year law makers in California introduced sweeping consumer privacy legislation. The California Consumer Privacy Act of 2018 unanimously passed in the California State Assembly and Senate, was signed into law by the Governor and will go into effect in 2020. The Act is the most sweeping consumer privacy legislation ever passed in the United States and gives consumers broad control over personal information collected by businesses. The law is not specific to any one digital channel, but spans all channels where personal information is collected, stored and used by marketers.
Californians will have the following rights under the law:
- Right to know what personal information is being collected and whether it is sold or disclosed and to whom
- The right to say no to the sale of personal information
- The right to access their personal information
- The right to equal service and price when privacy rights are exercised
Businesses have enjoyed great freedom in how they collect and use consumers' private information. Consumers have had little recourse when their private information is compromised. Recent high-profile incidents involving private consumer data collected by marketers in the digital realm have rattled users of social media and other internet services. Data breaches exposed millions of consumers' credit information. Consumers' social media data was misused by Cambridge Analytica. Users' trust of these services is eroding.
The law will enact several requirements which will directly impact how marketers interact with consumers in California and manage their personal information across a broad range of marketing media. These requirements include:
- Inform customers at the point of collection what personal information will be collected
- Allow consumers free access to their personal information and make the information available in a portable and readily usable format that can be transmitted to another service
- Delete a consumer's personal information on request
- Disclose on request personal information collected, the purpose for collecting or selling personal information, and any third parties with which personal information was shared
- Honor consumers' requests to opt-out of having their personal information sold to third parties
- Provide a prominent "Do Not Sell My Personal Information" link on the homepage to facilitate the consumer opt-out process
- Provide the same level of service and price even when a consumer chooses to exercise their rights under the Act
When the Act goes into effect in 2020 marketers must be ready to comply, with new procedures, processes and customer facing tools. Companies will also need to decide if they will treat California consumers differently from those outside California.
The law will be enforced by the Attorney General of California, and the Act creates a "Consumer Privacy Fund" to offset costs of enforcing the Act. Consumers will also have a private right of action if companies fail to adequately protect their personal information under the requirements of the Act. Penalties for data breaches are also laid out in the Act.
This legislation, and others like the recently enacted General Data Protection Regulation (GDPR) in the European Union, reflect a rising tide of personal data protection for consumers. The message from these enactments is clear: consumers must maintain primary control over their own personal information and businesses must provide access, transparency and strong safeguards to protect consumers' personal information.
Marketers should study this new legislation and start planning now on how to comply. 2020 will approach quickly, and businesses that are not ready to comply may be subject to penalties if they don't meet the requirements of the Act.
from Oracle Blogs | Oracle Marketing Cloud https://ift.tt/2NHtSyt
via IFTTT
