CCPA: Do the Penalties Fit the Crime

The CCPA takes effect January 1, 2020, and aims to protect California’s 39 million residents from ever-increasing threats to privacy.

The law would give individuals unprecedented power by giving them choices regarding the collection, sale and deletion of their personal data. Large, medium and even small companies across the country will be affected by this despite being a state law.

The California Consumer Privacy Act (CCPA) is seen as a privacy protector when it comes to protecting consumers’ data. Unfortunately, this may fall short of reaching hero status.

There are certain requirements to be subject to CCPA rules: for-profit companies must either gross more than $25 million, manage data for 50,000 or more California residents, or derive more than 50% of their revenue from the sale of data. should do.

An International Association of Privacy Professionals exam of law estimates that approximately 500,000 companies nationwide must comply with the CCPA. The issue for businesses is that they will not only be subject to the CCPA but will be affected by the privacy laws of other states as well.

Six states already have privacy laws in place (Connecticut, Nevada, Maryland, Maine, New Jersey, and Delaware), and six others will have their own set of laws by the beginning of 2020 (Washington, Michigan, Illinois, Oregon, Texas, New York). ) ), and California).

In the unfortunate but very realistic scenario of a data breach, small and medium-sized companies would be fined millions of dollars and could be financially incapacitated. Micro companies can be pushed into bankruptcy for exposing email addresses collected through social media campaigns.

The result will be that death will not be crushed with a thousand cuts but with a thousand boulders. The noble purpose of the CCPA is to protect the population, but the punishment for the offense can be very harsh.

Opening the door to cyber terrorism

Financial hardship caused by privacy law penalties can be a target of cyber terrorism. If a foreign body hacks into some large companies and exposes consumers’ data, states will prosecute and impose fines that can reach hundreds of millions of dollars per company.

Cyberterrorists can pit the US legal system against the very people it is there to serve. If financially incompetent companies were to succumb to heavy fines, Wall Street would not only suffer catastrophic losses, but thousands of workers would lose their jobs.

Destabilizing the US economy through a large company data breach could start with something as simple as hackers gaining access to a network through a compromised password. Probably 50 regulatory bodies fined a company for a single incident seems excessive.

In comparison, Europe has adopted a single continent-wide set of privacy rules referred to as the General Data Protection Regulation (GDPR). The CCPA and GDPR are similar laws, both of which aim to give consumers more control over their personal information.

However, there are noticeable differences, such as the GDPR requiring explicit permission from consumers to capture their data, where the CCPA only gives the option to refuse to sell or share it. Also, the method of calculating the fine is different, but in both cases, the penalties are substantial and can leave some companies financially crippled.

Despite the GDPR being a strict law, it doesn’t have the complexity of managing dozens of different situations as it would in the United States.

federal laws

Republicans and Democrats both agree that federal law on data privacy is needed; However, an actual bill is nowhere to be found. Lawmakers disagree on many topics, including how much freedom states will have to enforce the law and make their own rules.

The goal of a federal bill by the end of the year doesn’t seem achievable, and all signs are pointing to legislation on personal data privacy to states.

The inability of federal lawmakers to put together data privacy laws will result in something more difficult to afford by our nation’s businesses as they navigate through the maze of various state laws.

While the CCPA and other state privacy conditions are likely going to be much harder on businesses, the result will be beneficial to the consumer. Identity theft haunts millions of victims each year, and its effects can be felt for a lifetime.

The modern world is digital, and having regulations to protect our personal data is not only positive, but necessary.

While the CCPA applies only to residents of the Golden State, it will rule nationwide, even internationally, and businesses will have to adjust to it or face consequences.

Leave a Comment