California Consumer Privacy

GDPR impacts are just starting to be felt around the world.  Starting with complaints filed against Facebook and Google for non-compliance and ending with US newspapers removing their content from European eyes completely rather than risk the large GDPR fines.

California Gov. Jerry Brown signed Assembly Bill 375 on Thursday, June 28th just hours before a deadline to submit propositions for the November ballot.  Alastair Mactaggart, a San Francisco real estate developer spent more than $3 million to qualify a stricter measure.  The proposed ballot measure would give Californians more information and control over how their data is being used, but it would put the responsibility on the consumer to request information about who is collecting the data and how businesses will use it.

The ballot measure differs from GDPR which requires the business to default to opting out of collecting data unless given explicit rights to do so by the consumer.  The California law would require companies to provide free disclosures within 30 days.

Others elements within the California ballot proposal are: customers that opt-out will not be penalized or charged higher prices and prosecutors and consumers would be able to file lawsuits after a data breach or for selling personal information after a customer say ‘no’ to sharing.

Mactaggart said he would withdraw his November ballot measure if lawmakers passed the CA Assembly version which they did and the governed signed into law.

The new law will go into effect in January 2020.  The new law provides consumers the right to know what personal information companies are collecting and why.  Also which businesses the information is shared with.  Consumers have the right to direct companies to delete their information and not to sell it.

There are significant loopholes that companies can exploit.  For example, companies won’t be able to sell consumers personal information, but they will be able to ‘share; it.  Also, companies can charge consumers more if they opt out of the sale of their data creating a ‘pay for privacy’ standard.

Organizations and individuals can start protecting their data now by deploying SecureCircle to protect all your files, videos, photos, and documents.  SecureCircle enables organizations to control file access regardless of where the files are located.

Organizations can change access permissions at any time, so even if a file has been stored in Dropbox or other cloud storage locations the file access permissions can be changed.

Employees that leave the company can have their access revoked even if files are located in the cloud or on a USB drive.

Organizations can protect themselves from ransomware threats asking for money or risk having your data released to the public.

There are many other use cases which SecureCircle can help such as controlling access to data by 3rd parties and preventing data access when devices are lost or stolen.

Consumer privacy will continue to evolve.