In an age of technology, business, banking, shopping, and connecting is done digitally. As consumers use the online space in their day-to-day lives, businesses create microdata profiles that document clicks, purchases, and shares to build better sites, ads, and campaigns. In the past several years, consumer pushback against business use of consumer data profiles has increased in response to several large organizational data breaches.
Recently, the state of California passed the California Consumer Privacy Act (CCPA) to protect consumer rights and implement business guidelines for online privacy and data collection. Understanding the new legislation is critical for businesses that operate in California and rely on consumer data. Read on to learn more about how small business insurance mitigates your exposure.
On June 28, 2018, the California Consumer Privacy Act (CCPA) was signed into law. Although the law has been effective since January 1, 2020, enforcement did not begin until July 1, 2020. This is the first law in the United States that directly addresses consumer privacy online. Under the CCPA, certain consumer privacy rights are explicitly outlined and businesses must adhere to specific guidelines on how they can collect and use consumer information.
Whether your business plans to use consumer data internally or share collected data externally, the intent of your business’s data collection must now be shared with consumers.
If your business serves residents of California, you must comply with consumer requests to access both your business’s data on the specific consumer and how that data was collected. The CCPA also grants consumers the ability to see the consumer profile your business created as a result of personal data collection.
Jerry, a dad from Pasadena, added several charcoal grills to his online shopping cart over several weeks. Rainforest, the online marketplace, used cart behavior and clickthrough data to infer that Jerry may be interested in other outdoor cooking equipment, and categorized him as a “grill enthusiast”. Under the CCPA, Rainforest must fulfill Jerry’s request to access his consumer profile from Rainforest.
Many businesses collect data on consumers and sell it or share it to third parties for targeted advertising purposes. The CCPA empowers consumers to prevent this transaction.
Martha, a resident of Santa Monica, regularly visits Delicious, an online cooking magazine, to discover new recipes. Delicious sells Martha’s data profile to KitchenMaster, a cookware company who believes Martha is an optimal target for their ads. Martha now has the right to stop Delicious from selling her profile and any other personal information to KitchenMaster.
Under the CCPA, your business must inform consumers of their right to have their data and personal information deleted from your database. Your business is required to provide at least two methods to submit a deletion request. It’s a good idea to tailor these methods to your current interaction with your customers. For example, if you primarily do business over the phone and on your website, provide a phone number for deletion requests as well as a request page on your company website.
Additionally, businesses may offer an option for partial data deletion to the consumer if, and only if, an option for total data deletion is also available.
Steven of Napa is tired of receiving emails from retailers where he no longer shops. Though Steven will unsubscribe from each email list, he also feels uncomfortable that his personal information is available to so many retailers. Steven visits each business’s website and submits an information deletion request as is his right under the CCPA.
Businesses may not penalize consumers if they choose to exercise the rights outlined in the CCPA. However, businesses may offer special incentives or promotions to encourage consumers to share or re-share their information.
If you operate in the state of California and meet one of the following criteria, your company must conform with CCPA:
Yes. Under the CCPA, if you have customers or potential customers in the state of California, you must comply.
Enforcement of the CCPA currently falls to the office of the California Attorney General. Lawmakers are pushing to create an independent regulatory agency to handle CCPA adherence. Californians have the right to bring a lawsuit against any company that fails to comply with the CCPA regulations.
The CCPA empowers consumers to bring lawsuits against companies who fail to comply with data storage and deletion practices. As a result, businesses have increased exposure to legal fees associated with compliance and settlement.
Having Cyber Liability Insurance protects your company against first- and third-party cyber-related threats and expenses. This includes data breaches, legal defense costs, notification costs, and system disruption. A good Cyber Liability policy addresses nearly every aspect of total cyber exposure. You can purchase a Cyber Liability policy entirely online with Layr, and adjust coverage limits to protect your business, and it binds instantly.
Having Cyber Liability insurance with appropriate coverage limits is a great way to protect your business. Ensuring you have the right policies to protect your entire operation gives you confidence to operate coast-to-coast. With Layr, you can do both. Read our e-book, Cyber Liability Insurance, to learn more about what cyber liability covers and why you should have it.