California Data Privacy Law and What That Means

May, already? Time flies. Industries are continuing to move forward and data is growing, the same as it has been in recent years. With that data, the legislation and regulation around it are also progressing, as most recently seen with the California Data Privacy Law that goes into effect in 2020. We’ve already been talking with clients and others about the EU’s General Data Protection Regulation, but we figured we’d go into a little bit more detail about the California law.

Like GDPR, the California law is designed to impact organizations that sell to residents of California, even if the organization isn’t located there (non-US companies included). To be covered under the law, the business must make $25+ million a year, have personally identifiable information on more than 50,000 customers, and/or earn more than one half of its yearly revenue selling consumer data.

By the law’s definition, PII is almost everything about a person, from names, employment, and geolocation data to public records and education.

The law gives California citizens the rights to:

  1. Know their information is being collected
  2. Opt out of the sale of their personal information
  3. Have their personal information removed from databases and lists
  4. Be protected from discrimination because of their opting out

So, what does this have to do with data?

If you have data on European or California residents, these laws could affect your organization. The shift toward giving people rights over their data is not going away any time soon. People feel ownership over data about them, and dislike having things done with that data without their knowledge.

Regardless of your organization’s industry, there are some basic steps you should put in place as soon as possible.

  1. Know what regulations apply to your organization; to know that, you also have to know your data.
  2. Know where your data is, what information is in the data, how to access it, how to remove it, and how to protect it.
  3. Have organizational policies around that data.
  4. Communicate with everyone you have PII on about how you use their data.
  5. For companies handling consumer data, have opt in/opt out portals.
  6. Be able to demonstrate your company’s data policies and processes to stakeholders and regulators alike.

The larger the organization, and the more data you have, the more difficult these tasks become. It can be almost impossible to accomplish these steps if you don’t know what data you have and what quality it is.

For more information about data quality, persistent links to see all data profiles across your organization, or how to integrate and manage your data using entity resolution with HiPER, contact us at info@blackoakanalytics.com today.
