One month after GDPR went live, seemingly out of nowhere California passed its own consumer privacy act, which by 2020 will give California-based consumers similar data protections that EU-based individuals now enjoy. These include the right to know what data is being collected and how it’s being used, the right to refuse the sale of such data, and the right to delete such data. The law, based on an opt-out consent model as opposed to GDPR’s op-in requirement, will impact any business, large and small, that collects data on California-based customers.
After years of high profile data breaches and growing consumer resistance to the data tracking practices of digital advertisers and businesses (more than 615M devices are now blocking ads, according to last year’s PageFair Adblock Report), the California Consumer Privacy Act of 2018 comes in the wake of the Facebook/Cambridge Analytica scandal. It seems public trust may have finally reached its breaking point: According to a recent survey by identity management provider Janrain, 57% Americans say the Cambridge Analytica breach made them even more concerned about data privacy. In the same survey, 69% reported wanting to see GDPR-like privacy laws enacted here in the US.
They may be getting their wish. Businesses are now realizing they need to start thinking about preparing for the dawning of a new age that’s giving consumers greater control over their personal data. Sure, businesses could calibrate their data governance systems to treat California data differently just as they’re doing with EU customers, but not only would this be an expensive option for many companies, this would create segmented data policies within a single country connected by phones, messaging and social media. The data protections enjoyed in California are bound to eventually catch fire among other states. Data-driven, consumer-facing organizations must either adapt to a business landscape that will be increasingly be fueled by consent or face being left behind. Consent, it appears, is the new currency.
The good news is the writing was on the wall and many businesses are already preparing for the changing data landscape not only by implementing compliance programs that meet the requirements of GDPR but also looking at how to transform their digital marketing and product development into privacy by design practices that work within new consumer expectations for data privacy, security and control. But for those organizations that thought they could avoid adhering to such data privacy/security standards as long as they weren’t catering to EU-based citizens, the new Golden State mandate was a bit of a shock. With all the data that’s been collected over the years, how does one begin to determine which data is regulated and how it can be managed to ensure compliance?
Here’s where Waterline Data can help. With our GDPR Data Management Solution, businesses can discover, govern and quickly report on any California, GDPR or other regulated data. Typical data governance tools can tell you what kinds of data should be considered sensitive. The problem is, they assume you already know where the data resides. There are other tools that can be deployed at the data security and storage level, and they’re very good at helping you lock down sensitive data. But these tools suffer from the same problem. They don’t tell you:
– Where regulated data is located
– Where the data came from or where it’s going
– How to identify, report and control new regulated data is it comes in
Waterline Data provides the only solution that directly addresses the challenges presented by the growing number of data privacy laws with software that automatically discovers regulated data, generates reports on the status of your compliant and non-compliant data, and makes it easy to secure your data.
Check out our white paper on data governance to learn more.