Don’t let the name fool you—the California Consumer Privacy Act, which goes into effect Jan. 1, 2020, will have implications on data collection that go far beyond the Golden State. The California state law allows consumers to access and control data collected on them by companies. Since it is too unwieldy for most businesses to have a separate set of rules just for California residents, the CCPA requirements will change how all consumers interact with companies online.
As the leader of Womble Bond Dickinson’s Privacy and Cybersecurity Team, Tara Cho is actively guiding clients as they prepare to comply with the CCPA. She recently spoke to Slate about the changes the CCPA presents to businesses and consumers alike.
Cho said that while the CCPA is intended to empower consumers, it could have the unintended consequence of exposing them to data theft. So companies need to make sure that requests to access personal data are legitimate.
“With regard to the right to access your data, that has the highest threshold for risk analysis and what mechanisms you use to authenticate the person,” she tells Slate. “You could end up creating a data breach by sharing the information with a fraudulent actor.”
The CCPA only applies to businesses that:
- Earn more than $25 million in gross revenue;
- Collect data on more than 50,000 people; or
- Receive more than 50 percent of company revenue from selling consumer data information.
Also, Womble Bond Dickinson’s Privacy and Cybersecurity Team has written extensively on the CCPA. Click here for more from the CCPA Task Force.
Tara Cho chairs Womble Bond Dickinson (US) LLP’s Privacy and Cybersecurity Team. Her practice is dedicated to counseling clients on privacy and data security issues across industries such as technology, retail, e-commerce, and life sciences, with an emphasis on compliance risks and regulatory requirements affecting the healthcare and healthtech sector.