If you’re reading this, chances are you’re familiar with the California Consumer Privacy Act (CCPA), the data privacy law that California enacted last year. You might not know whether the law should concern your business, and why. There are really three key questions for any business to answer regarding the CCPA: Are we impacted? Why …
If you’re reading this, chances are you’re familiar with the California Consumer Privacy Act (CCPA), the data privacy law that California enacted last year. You might not know whether the law should concern your business, and why. There are really three key questions for any business to answer regarding the CCPA:
We’ve prepped a short quiz that generates answers to these crucial questions and more. Give it a shot! Otherwise, skip down for more context on the CCPA and why it might matter for you…
Once you’ve figured out whether your business is impacted by the CCPA, the next logical question to ask is: “Why should we care?”
Although the likelihood of getting put out of business from a CCPA fine isn’t “red-alert high” in the short term, there are plenty of reasons to take the CCPA very, very seriously.
Here are four:
The possibility of fines under the CCPA are not the end-all-be-all of compliance, but they are substantial. The California government can prosecute non-compliant businesses with up to $7,500 per violation. In the event of a data breach, fines can reach $750 per affected individual. If just 1,400 individuals are affected, the total fine would exceed $1 million.
Those numbers are nothing to sniff at, but the truth is that the CCPA is just one of many privacy laws coming into effect all over the world. Indeed, next year in 2022, California will be welcoming a much stricter privacy law, the CPRA. Soon the cumulative financial risk to getting privacy wrong will be too big to ignore. Here’s a list of US states that have passed or drafted privacy legislation over the last 3 years.
This is not to mention a federal US privacy law, which observers believe is a real possibility under the Biden administration. Building nimble data privacy ops is an investment in future-proofing your business for compliance. Each law comes with its own nuances, and there is no one-size-fits-all. However, Ethyca’s automated data mapping empowers your company to clearly understand the data in its systems, including third-party applications. Such systems-level knowledge is crucial as privacy laws spring up all around the globe.
Without a dedicated CCPA compliance operation, advertising hubs like Google and Facebook automatically impose restrictive constraints on your company’s advertising abilities. When Facebook imposed these restrictions at the start of July 2020, Facebook advertisers saw an 84% drop in California conversions within the first week. According to the Network Advertising initiative, defaulting to these restrictions will likely inhibit advertisers’ ability to monetize their inventories in the long run. Google and Facebook ranked first and third in US web traffic in December 2020, and California has the highest total GDP and population of any state. With these metrics in mind, advertisers cannot overlook the value of investing in a nimble CCPA function.
With Ethyca CHOICE, building privacy into your company’s infrastructure provides the best of both worlds. Your company regains control of advertising performance while you empower your users to manage their consent to data-sharing.
Manual efforts to comply with the CCPA are costly, on multiple levels. The single act of inventorying all data in your business systems can take months, if not years. On top of the massive time your team would need to dedicate to this regulatory catch-up, there is the possibility of human error in the process. Even an unintentional CCPA violation can cost your business thousands.
Instead of needing a decentralized and prolonged manual procedure to process a single Data Subject Request, Ethyca simplifies the task. With each user’s data inventoried across all business systems, you can count on prompt turnaround of users’ requests, without mounds of paperwork or a complicated team project. In doing so, your users can count on your business as one that respects their data rights.
Complying with the CCPA shows consumers that you take data protection seriously and are worthy of their trust. Consumer trust is more vital than ever. Recent research found 89% of consumers express concerns about their data protection. And when it comes to purchasing habits, 75% prioritize brand trust over price when deciding between products.
Trust is hard to gain and dangerous to lose, with 43% of consumers citing loss of trust as a reason they stopped doing business with a company. Circling back to compliance, a CCPA violation costs more than the hefty fine – it damages a reputation. In 2021, no business can afford to ignore the CCPA. While the CCPA can be intimidating, you don’t have to go it alone. Let us show you how to bring CCPA compliance into your business.
We enjoyed two great days of security and privacy talks at this year’s Symposium on Usable Privacy and Security, aka SOUPS Conference! Presenters from all over the world spoke both in-person and virtually on the latest findings in privacy and security research.
At Ethyca, we believe that software engineers are becoming major privacy stakeholders, but do they feel the same way? To answer this question, we went out and asked 337 software engineers what they think about the state of contemporary privacy… and how they would improve it.
The UK’s new Data Reform Bill is set to ease data privacy compliance burdens on businesses to enable convenience and spark innovation in the country. We explain why convenience should not be the end result of a country’s privacy legislation.
Our team at Ethyca attended the PEPR 2022 Conference in Santa Monica live and virtually between June 23rd and 24th. We compiled three main takeaways after listening to so many great presentations about the current state of privacy engineering, and how the field will change in the future.
For privacy engineers to build privacy directly into the codebase, they need agreed-upon definitions for translating policy into code. Ethyca CEO Cillian unveils an open source system to standardize definitions for personal data living in the tech stack.
Masking data is an essential part of modern privacy engineering. We highlight a handful of masking strategies made possible with the Fides open-source platform, and we explain the difference between key terms: pseudonymization and anonymization.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!Book a Demo