With the California Consumer Privacy Act, California is the first of many states to up the compliance game. Now a startup has designed a machine to help consumers ensure businesses comply with data deletion requests.
When Americans began to navigate and settle in the western part of the country, it became known as the Wild West. There were no real governing bodies, and the local sheriffs and deputies couldn’t enforce all of the laws. That’s where we are with the internet: the Wild West. There are few rules and regulations and even fewer guidelines on how to follow them. Compliance bodies set forth penalties for not following guidelines but have been slow to catch up to the real problems. They rely largely on self-reporting via compliance audits, leaving businesses to find their own way.
The industry sector of your business determines which compliance guidelines you have to follow, which audits you have to do and when they have to be done. However, the California Consumer Privacy Act (CCPA) has changed the game. It gives California residents the power to stop companies from collecting their personal information. The only problem is that it also requires those residents to contact each individual data broker, and there are over 100 of them.
DoNotPay, a startup, came up with a service called Digital Health earlier this year. At a cost of a mere $3 per month, its automated data-deletion process will contact data brokers on your behalf and demand that they delete your personal information and your family’s. You will also get to see the types of data that brokers have collected, and the service will initiate legal proceedings if companies do not comply. The company offers a few additional services as well.
On top of a lawsuit, failure to comply with a request to delete data can result in fines for the business. Many companies think that a request to remove data is a one-off, that no one is going to follow up on it, and that it can be handled manually or, worse, ignored, and it will go away. DoNotPay changes that. It may overwhelm businesses with requests because it uses a machine to make the requests automatically. Machines do what they are told, so as long as a request remains unanswered, more will go out. This happened with the telecom arbitration requests and, in some jurisdictions, parking ticket fights.
Technically, CCPA only applies to California residents, but many businesses in other states operate as if it applies to them. As well they should, because it won’t be long before that act is applied to the entire country. Consumers don’t want their data collected and just hanging around. Not only does it create a larger chance of their information being exposed in the event of a breach, but they also don’t want their information shared.
The advent of the DoNotPay service should serve as a warning to all businesses. It should be expected that more and more companies will pop up offering services to help consumers fight against businesses which are not in compliance. Services around consumer data privacy and corporate data privacy could also pop up.
Keeping your business in compliance year-round is nearly impossible, but you must make the effort. The items on your audit aren’t just checkboxes; they are there for a reason. If your business is simply going through the motions, you’re doing it wrong. You have to make sure all employees understand confidentiality, privacy and customer/client verification processes. Every employee must be trained when hired and given additional training on a regular basis. You must implement identity and access management (IAM) protocols and ensure that no one has access to data and systems that they don’t need to do their jobs.
Compliance regulations and privacy are catching up with the internet. Data that companies claim is anonymous has been shown to not really be so anonymous, thanks to a New York Times exposé released in December. The CCPA is only the first act of its kind. There will be more states that follow, and eventually there will be federal regulations around data privacy.
Some businesses already act as if the CCPA applies to them, even if it does not. This is a smart practice because it gets them into compliance well before their state enacts a similar law. When consumers can pay a mere $3 for a service to contact data brokers and force them to delete their data “or else,” it should be a wake-up call. For the majority of Americans, $3 a month is very affordable. Streaming services cost more, and those are widely used across the country. Businesses should not look at that and assume people won’t do it because it costs money. Businesses should look at that and say, “Uh-oh, we better start making sure we’re really in compliance before it’s too late.” Americans are inherently lazy, but not necessarily in a bad way. If they can find a way to make their lives easier, they will. Paying for a service to handle their personal data privacy is something everyone can appreciate, and many Americans will quickly jump on the train.