Dealing with three pathbreaking scenarios under the CCPA

Sep 16, 2019

The "right to be forgotten" is one of the new rights consumers will have under the CCPA

"I'd like to pay with my credit card."

"Sure! Let me have your card. Could I also get your full name, phone number, and address?"

"Yeah. It's Logan Lovato, and I live at 1 Lemon Street, Anaheim. My number is 714.308.75xx." 

This was a common occurrence at retail stores across the US in the not too distant past. People shared their information and didn't think much about it. In fact, the next time Logan Lovato went to the same store, his information would be readily available, enabling him to check out faster.

Today, people are wary about how their data is used. And the issue isn't even about data falling into the wrong hands at a single point in time; the issue is that all of this data could be used in unforeseen ways in the future. The threat of unintended inferences is clear and present.

The US needs a law that will not only protect consumers from identity theft and data breaches, but also give users rights over their own data. And the California Consumer Privacy Act (CCPA)—in effect beginning January 1, 2020—aims to do just that. The CCPA will only impact consumers and businesses in California. This means that the CCPA will be applicable to any California-based, international, or out-of-state organization doing business in California (as long as certain other criteria are met).

Let's take a look at three examples of how the CCPA is going to shake things up.

Disruption in the app culture of Silicon Valley

Silicon Valley is a startup heaven. Numerous organizations, big and small, have their origins there. Many companies are riding the digital transformation wave, and leveraging mobile apps to address pain points for consumers. For example, TaskRabbit (now owned by IKEA) is a mobile marketplace that allows people to find help with everyday work, and Instacart is a same-day grocery delivery service. 

Apart from the core services that these companies offer their customers, they also deal with substantial amounts of personal data. They may even have agreements with third parties on sharing such data. With the advent of the CCPA, organizations doing business with California-based consumers will need to implement clear privacy policies, and ensure that data does not leak into the wrong hands.

Loyalty cards and reward points under the CCPA

Many companies utilize loyalty programs that reward customers for making frequent purchases. These programs are effective for encouraging repeat business and providing a more personalized experience, but they also involve collecting personal data. Over time, companies could aggregate large amounts of data about consumers and reach conclusions about their preferences, characteristics, predispositions, behavior, intelligence, and abilities—all without the consumer's knowledge or consent.

Under the CCPA, companies will need to inform consumers beforehand about what data is collected and why it's collected. If an organization is aggregating data for analysis, it has to keep customers informed. It's also critical to ensure this data remains secure. It'll be interesting to see how organizations plan to manage loyalty programs in California after January 1, 2020.   

Responding to customers' requests to be forgotten

The CCPA will bring with it a powerful right for customers—the right to be forgotten. A customer, at any point in time, can do two things: 1) ask for all the data that a company has collected on them (including insights developed after data aggregation and analysis), and 2) request full or partial deletion of personal information.

This will be a paradigm shift in the way data is perceived. The data may reside in sensitive file servers in the organization, but users will have full ownership over their own data collected by businesses. Organizations have to develop a strong process for responding to such requests. They also need to be able to identify the requested data, isolate it, and delete it.

How Log360 can help you comply with the CCPA.

Log360 is a one-stop solution for all your log management and network security needs. You'll be able to audit Active Directory, network device logs, Microsoft Exchange Server, Microsoft Exchange Online, Azure Active Directory, and your public cloud infrastructure all from a single console to gain complete control over your network.

Comply with the CCPA.

Defend your business. 

Protect your consumers.