The beginning of this year witnessed the implementation of the California Consumer Privacy Act. The CCPA – whose impacts go way beyond California – came into effect on the 1st of the month primarily in order to provide Californians with additional rights and privileges vis-à-vis securing their data. Those in the UK (who will also be affected by the CCPA like they were with the GDPR in 2018) are now being trained on how to implement this.
The CCPA has been hailed as potentially a very powerful legislative addition for consumers as well as businesses and will ultimately put the US on the same page as the UK vis-à-vis global privacy. American consumers will get access to exactly what companies know about them; have power over whether they can keep that information and stop them from selling it.
This will have quite the impact on businesses. Many are bemoaning the extra burden it places on them in terms of time and money with a company being forced to pay up to $23.5m (4 percent of global annual revenue) with failure to comply.
For the consumer though, what could be bad? Very little apparently. Such high stakes are forcing companies to go through their cybersecurity practices with a fine tooth comb. For Californians there is even more good news because regional policy makers have already come up with their own plan to protect personal data via the CCPA. And, this will likely have a trickle down effect on other states and even countries given that California has the fifth largest economy in the world.