In late June, 2018, California passed a consumer privacy act, AB 375, that could have more repercussions on U.S. companies than the European Union’s General Data Protection Regulation (GDPR) that went into effect this past spring. The California law doesn’t have some of GDPR’s most onerous requirements, such as the narrow 72-hour window in which a company must report a breach. In other respects, however, it goes even farther.
The California Consumer Privacy Act (CCPA) takes a broader view than the GDPR of what constitutes private data. The challenge for security, then, is to locate and secure that private data.
What is the CCPA?
AB 375 allows any California consumer to demand to see all the information a company has saved on them, as well as a full list of all the third parties that data is shared with. In addition, the California law allows consumers to sue companies if the privacy guidelines are violated, even if there is no breach.