A guide to CCPA, aka California Privacy Law

INTRODUCTION: WHAT IS THE CCPA?

The California Consumer Privacy Act will come into effect on January 1, 2020, and this fact may have a big impact on your business. California is the crown jewel in the United States economy – if it were a standalone country its $2.7 trillion GDP would be the fifth largest in the world, sitting ahead of the United Kingdom. This, combined with the state’s status as an incubator for tech innovation and consumer culture, gives it an outsized importance for all kinds of businesses operating at local, national, and multinational levels.

Put simply, any enterprise that reaches a certain scale will now be forced to contend with the CCPA, and it’s likely other states will soon follow suit with similar legislation of their own; California has long been a bellwether for US-wide tech legislation. This article is a piece-by-piece examination of the CCPA and an analysis of its business impact, with particular attention given to the consequences for the data management, systems, and practices of Small-to-Medium Enterprises (SMEs). By the conclusion it should be clear that the CCPA is nothing to fear for management and development teams that are proactive and thoughtful in adapting to its prescriptions. For those that don’t use the appropriate amount of care, the consequences can be severe.

GDPR Fully Explained

With the European Union’s passage of the General Data Protection Regulation (GDPR), the practice of data regulation moved out of its infancy. The GDPR is the first wide-reaching piece of unified data and privacy policy in the world, and as such, it is set to heavily influence a plethora of policies that will follow in its wake. But apart from the occasional headline about FAANG companies tussling with the new legislation, the practical impact of GDPR remains frustratingly obscure. If you’re a stakeholder in a small-to-medium enterprise (SME), this is a big problem. Unlike Google and Facebook, SMEs are unlikely to have a bottomless legal budget to contest being found in violation of the GDPR, and so for them, data compliance over the next five to ten years can easily become a question of business survival. This guide is a starting point for understanding the implications GDPR has for these businesses. We will examine the document, chapter by chapter, to summarize its content and analyze the practical consequences it holds for businesses that want to be compliant. Read on for a primer on all things GDPR:

Data Security: 4 Ways Your Team Can Do Better

With all the breathless news coverage of high-profile data breaches in recent years, one could be forgiven for thinking data heists are always the result of sophisticated efforts by devious hackers in far-off lands. But the reality is much more plain. According to a recent study by Securis, 25% of data breaches are caused by simple employee error. So if your team is spending all its time trying to anticipate black swan events, it can overlook the everyday safeguards necessary to keep its data secure in a fast-moving business environment. In some jurisdictions such as Europe, the day-to-day management of an organization’s data security processes must be overseen by a designated Data Protection Officer. But whether you’re a large organization operating in GDPR territory, or an SME preparing for greater data regulation such as in the US with California Privacy Law (CCPA) in January 2020, below are 4 actionable steps your team can take to do the basics right:

4 Key Considerations For Ethical, Compliant Data Processing

If one were to chart the most important developments in the business landscape over the last 20 years, top of the list would surely be the growth of consumer data as a precious resource. Never before have companies had access to such powerful stores of business intelligence, and never before have they had such a pressing responsibility to manage that resource carefully. In 2019, data management is very commonly the difference between success and failure, and the disastrous consequences of mismanagement can impact both the company in question and the consumers that trusted the company to protect their information.

Preserving Privacy in the Age of Facial Recognition

Public anonymity is dead. While that phrase, “public anonymity,” may sound like an oxymoron, let me explain: You can no longer walk along a street, visit a store, or attend an event without the possibility that someone — a government entity, a storeowner, or a tech giant — knows that you are there and can track everywhere else you’ve been, simply by your physical appearance.

In 2018, facial recognition technology spent a lot of time in the news. Between Amazon licensing their Rekognition product to law enforcement, the presence of gender and racial bias in some of the current technology, and China’s use of facial recognition to publicly shame jaywalkers, it’s clear that society is facing moral and philosophical questions about who owns and should have access to your physical identity and information in the real world.

This Article is Republished from our Privacy Magazine – To learn more, visit Privacy.dev

Google and Facebook are dominating the online advertising market and have created an ecosystem with network effects difficult to break. As the tech giants accumulate user data their targeting becomes ever more refined and vain user impressions are reduced. Yet their business models build on foundational inefficiency, and give rise to the precarious externality of privacy invasion.

The future of Data Privacy, or: The Business Model that Could Kill Online Advertising

There’s a popular saying in Silicon Valley: If you can use a product for free, then you’re probably the product. Nowhere is this more truly illustrated than by the business models of Google and Facebook, two of the most valuable companies in the world and two of the most powerful vehicles for consumption in human history.

Google and Facebook scaled at unimaginable speed by offering their web services to users for free. As their user bases exploded, they monetized their platforms by building the most sophisticated ad targeting capabilities ever created – all on the back of data supplied willingly (so they claim) by their users. This brings us to the present day: the two companies combine to account for over 50% of digital advertising spend in the United States, to the tune of roughly $60 billion.

If You Do Nothing Else to Be User Data Privacy Compliant, At Least Remember These 3 Things…

Just a few short years ago, the idea of User Data Privacy Compliance on the internet was as dubious as the idea of Miranda Rights in the Wild West. Back then the web was (and many would argue still largely is) an adolescent medium growing at supernova speed. Boundaries were only being discovered long after pioneers had traversed past them, and regarding personal data, the frontier mindset was prevalent: if you could catch it, you could keep it. But in recent years, this particular aspect of online exchange has finally begun to experience welcome regulation. Now there are real consequences for actors that fail to follow regulatory requirements in the collection, storage, and exploitation of personal data.

The GDPR in Europe is the most widely-known and powerful piece of data regulation, but it’s important to realize that many of its tenets are soon to be adopted, in one form or another, worldwide. In California, the CCPA will come into effect January 1, 2020. India is currently finalizing a far-reaching data privacy bill. In Brazil, the LGPD will become the law of the land some time in early 2020. For businesses all over the world, the need to be user data privacy compliant will only grow more important. So, let’s assume that you aren’t yet able to pore over the fine print of each piece of legislation to ensure you’re in compliance…what are some general steps you can take to protect your business from falling afoul of the regulator?

Security & Privacy: Minimizing Breach Risk at the Source

Thus far, we’ve spent a lot of time examining the core principles of the GDPR and other pieces of data regulation, and we’ve worked through some of the implications these documents carry for the UX and back-end functionality of consumer-facing applications. But there are, of course, many other components to your business’s robust, secure data operation. In this article, we’re going to look at core principles of making sure your hardware, software, and web applications are spec’d to better withstand attack. It’s no secret that threats to digital security are on the rise, and the consequences of a data breach can be – hello Equifax – a PR nightmare of epic proportions. Start with the steps below to get smart about your company’s infrastructure…
