Improved Data Privacy for USA
Bruce Armstrong
New Direction - Boardgame Developer See launch of Zig Zag Tag on Kickstarter soon - if you like it, pledge it!
On the back of GDPR prosecutions hitting US companies, the US has suddenly become patrons of personal data privacy - or at least California has!
It's fair to say that the US lagged behind the rest of the world in their treatment of personal data privacy, preferring to treat personal data as a trading asset to be bought and sold at will. After all, we all agreed to the 'TERMS OF SERVICE" that gave away our rights to control our own data and how it is treated. The fact that we had no choice if we wanted to use the app eluded these companies. That was until Europe implemented privacy protection law - the General Data Protection Regulations or GDPR in May 2018. It protects EU citizens from misuse or breach of their personal data anywhere in the world.
Choosing to ignore this at first, US companies started to pay attention when fines started coming for their poor behaviour - Google 50 million Euros, Marriott 110 million Euros, with more to come. US State legislators started paying attention too. Three - California, New York and Montana, have passed similar laws to protect data privacy, with California's coming into effect on 1 January 2020. Now the game has changed.
The California Consumer Privacy Act (CCPA) is the first state law that applies fines for poor cyber security in the US. The law assigns specific penalties should unauthorized access occur, whether through a breach, exfiltration, theft, or “disclosure as a result of the business’ violation of the duty to implement and maintain reasonable security procedures and practices,” The CCPA allows for penalties of $100 to $750 per (Californian) consumer per incident, or actual damages, whichever is greater. The GDPR has proven that giving teeth to data privacy law in the form a substantial fines for breaches has changed behaviour of business and restored the balance of power with their customers.
You will have noticed that you are getting updated Terms of Service for many of your apps. That is these companies applying their data protection requirements to comply with the CCPA. It gives you more rights to understand and control the use of your personal information supplied to them.
There is a game changer that will impact the whole US and the rest of the world. This week Microsoft has announced that they will apply the CCPA data privacy protections to ALL US citizens, not just those in California. Well done Microsoft for taking the lead.