Keeping customer data safe and private in the new decade
With the new decade comes an increasing need for a focus on data privacy, as threats to the data privacy landscape in the form of hackers and data breaches have become more prominent. In response to the implementation of GDPR in Europe back in 2018, many states in the U.S. are beginning to follow suit with their own privacy legislation.
This year, California will enact the California Consumer Privacy Act (CCPA), which will start being enforced no later than July 1, 2020, six months from when the final regulations were issued in January 2020. This new regulation allows Californian consumers to be more involved with their privacy rights, letting them acquire, restrict the use of or request the deletion of any information they previously gave to an organization.
Consequently, organizations in California that either gain more than $25 million in revenue or mostly sell consumers’ personal information must ensure that they are fully compliant to avoid paying costly fines. The maximum fine which the CCPA could issue is $7,500, for violations that are considered to be intentional, whereas fines for violations that lack intent are maxed out at $2,500.
Additionally, consumers can collect anywhere from $100 to $750 for each event, but a consumer may receive even more if the justification is warranted.
But this new wave of regulations doesn’t stop with California. In 2019, in 2020 and beyond, organizations across the U.S. will be more cautious about how they collect and store data, as new regulations have begun to be implemented in states such as Maryland, Texas, Massachusetts and New Jersey. These regulations are all separate from each other, and many of them deal more with breach notifications than with data privacy and collection, as outlined in the CCPA.
Organizations need not fear these regulations. There are plenty of solutions that can help give organizations and their customers peace of mind. These include making data privacy a priority, utilizing web forms for added security and being prepared to comply with regulations. Let’s take a closer look into how companies can make this checklist a reality.
Make Data Privacy a Priority
According to a recent survey by FormAssembly, maintaining data privacy is important for organizations, yet not all of them have the resources to do so. In fact, 81 percent of respondents said that they are “extremely” or “very” dedicated to making sure their customer data remains private and even have the personnel to prove it. However, only 43 percent of organizations – less than half – said that they have one or more staff members dedicated to privacy-focused roles.
These numbers show that although organizations care about data privacy, they may not have the means to maintain it. It might not seem that important to have a dedicated team in privacy-focused roles, but it is crucial that every organization has the right resources to prevent or take action against security threats and to meet forthcoming compliance regulations when necessary.
As we have seen over recent years in several data breach cases, the lack of preventative security measures leads to attacks, which lead to broken trust with the consumer and a tainted reputation for the organization overall. That’s why being transparent is crucial when handling data, no matter the classification.
Be Prepared to Comply with Regulations
When businesses hear the words “compliance,” “audit” or “regulations,” they may become a little unnerved, as this is a serious and often complicated process. According to the survey mentioned earlier, the customers surveyed had varying degrees of preparedness.
For example, 42 percent of the respondents affected by the CCPA were very prepared, and 45 percent of respondents affected by the New York SHIELD said they were very prepared. Additionally, out of those not affected by either legislation, only 11 percent indicated they were very prepared, while 62 percent said they were unsure how they would be affected.
It is clear from these results that while most organizations that understand the regulations that apply to them are prepared, those that are not under any state-specific regulation have no clear plan for dealing with potential legislation. Making regulation preparedness a priority is necessary for organizations to thrive, as new regulations could arise and make processes a little more challenging.
Overall, preparedness is key when it comes to protecting consumers’ personal information. Though the CCPA and other similar regulations are currently being enacted, that’s just the beginning – 85 percent of those surveyed said they support the idea of federal legislation, such as the GDPR, rather than state-specific mandates.
Organizations not yet affected by these regulations must still make data privacy a priority, ensuring they have a plan in place for future regulations. Regulation compliance must be a major focus for organizations today, as the data privacy landscape is constantly changing, and they must keep up to ensure that their customers’ information is safe and maintain trust between the company and consumer.