No matter the criticism of the “rush job” behind the newly passed AB375, the California Consumer Privacy Act, its underlying purpose makes it the strongest privacy law in the US. The Act puts the privacy of personal information at the top of the list for protection. No longer do strict privacy requirements apply only to financial or healthcare-related personal information.
The fact that the California legislature passed the bill so quickly drives home the point that consumers are adamant about the privacy of their personal information, no matter what the average corporation may believe. In its present form, AB375 means that businesses must give consumers and website visitors a clear choice about how their personal information is collected and used. That goes for social media sites as well as online retailers of products or services.
California’s already-strict privacy laws are significantly stronger than those of the rest of the US. AB375’s GDPR-style privacy rights go even further, giving residents rights such as asking a business about the source of the data it collects and the purpose for collecting it. Much like Europe’s GDPR, the ability to “Opt Out” of the sale of personal information will be front and center on business websites, barring any changes to the bill. Plus, you’ll have the right to:
Request a copy of all personal information that a business collects about you
Request that they not sell your personal information
Begin legal action if they fail to protect your personal data
What about HIPAA, you may ask? The Act specifically states that it doesn’t apply to “protected or health information” (aka PHI) collected by a covered entity, or to information whose privacy is already covered under HIPAA.
Granted, the new California privacy law can still be amended. The bill doesn’t go into effect until January 1, 2020. However, the intention is clear, no matter the forthcoming wrangling. Some see it as a backlash to the betrayal felt by millions of online users when they found out about rampant social media data-mining.
Whatever the reason, the renewed trend toward protecting personal information goes beyond the regulations that protect healthcare or financial data. Businesses need to be prepared for stricter rules governing online consumer engagement. Laying the groundwork, including the actual notifications and the related policies and procedures, will take careful planning.
Not sure where to start?
The NIST Guide can help. We can also provide you with a free copy of Ostendio’s password policy, as an example. Just contact us at firstname.lastname@example.org.