What a year 2020 has been, for the world at large and for the field of data privacy specifically.
US businesses that previously hadn’t thought too hard about the ways they collect and process data will have found the last 10 months felt somewhere between “whirlwind” and “tornado”.
There was the introduction of the California Consumer Privacy Act (CCPA) on January 1st. Then, around mid-March, global lockdown, work from home, and a million little disruptions to data management practices. In summer, EU-US data flows were thrown into chaos.
And finally this morning, Californians and businesses at large wake up to the passage of Proposition 24, the California Privacy Rights Act. It’s a brand new privacy law less than a year after the enactment of CCPA, a law that has split the privacy community into starkly divided camps, and a law that runs 52 dense, technical pages. In these eventful times, spare a thought for the general counsels and privacy engineers of the world, just trying to do the best they can.
In all seriousness, there’s no shortage of reporting on where Prop 24/CPRA is strong, where it’s weak, and where it’s got holes. In writing this note I want to focus on two simple points that should reassure anyone who will be seeking to operationalize CPRA requirements in the coming months.
First: if you spent long months getting CCPA-ready, the heaviest lift is already done.
The “treasure hunt” of data discovery in your business remains the lynchpin of any privacy operation – CCPA, CPRA, GDPR, you name it.
Once you’ve mapped where your business data lives and how it flows through the systems in your tech stack, you’re left only with the task of leveraging that data map in the application of any individual law’s requirements. But the map is paramount, and if you already built it, congratulations: you’ve already fought your hardest privacy battle.
Second: the work you’ll do for CPRA will reflect well on your business in the eyes of customers.
It’s not just that Prop 24 has passed with a strong mandate from the Californian electorate. It’s what we see across any number of touchpoints here at Ethyca and in the world at large.
There’s a reason Apple is rolling out a massive ad campaign around privacy features in the new iPhone.
There’s a reason why we at Ethyca have seen a 467% spike in privacy requests filed via our product since July, and a 215% increase in the number of Ethyca Privacy Centers in production during this same time.
The reason is that users want more privacy protection. You will build brand capital by offering it to them in an easy-to-navigate experience, and by placing data transparency at the center of your customer experience.
We’re committed to helping make the nuts and bolts of operationalizing privacy easy. Platforms like ours allow your teams to stop sweating the day-to-day and focus on the bigger privacy picture.
The passage of CPRA might serve as a moment for your business to take stock. A moment, before plunging back into another sprint, to think holistically about where your team wants to spend its energy in the management of an ever-changing data privacy landscape.