It's not a new topic but we haven't heard about the CCPA for a while. It's important to keep this on the radar because most changes required for CCPA compliance in California will likely be rolled out for all US-based marketing campaigns.
In a nutshell the CCPA states that a citizens have rights and privileges regarding their data:
- Right to know all data held by a company
- Ability to stop a company from selling their data
- Right to sue for data loss as a result of a breach
- Empowered to delete data they have posted
- Right to know what categories of data are being collected
- Need to be notified if data collection terms change
- Businesses cannot punish those who opt out with higher prices
- Citizens can know which third parties have acquired their data including categories and sources
Much of the CCPA is similar to the EU’s GDPR, but the ability to sue regarding data breaches without proving damages could result in some companies attempting to hide data breaches rather than reporting. Hackers may have just been handed another lucrative extortion tool by the CCPA.