Four Good Reasons to Embrace the CCPA Right Now
The California Consumer Privacy Act (CCPA) may seem at first glance to be just another compliance project in need of a quick, tactical fix. However, it would be a mistake to take this approach. Organizations should step back and look at the bigger picture when considering how to address CCPA. There are four key reasons why a more strategic approach makes sense:
- More data privacy regulations are on the way – The first big data privacy regulation was, of course, the EU’s General Data Protection Regulation (GDPR), which came into force in May 2018. CCPA’s deadline is January 1, 2020. However, other US states are actively working on their own data privacy rules, including Washington, Michigan, and New York. There is talk of legislation at the federal level, too. Internationally, Brazil has a new data privacy law, India is in the process of creating one, and Australia recently updated its rules. We can expect more data privacy rules to emerge over the next few years. It just doesn’t make sense to tackle each of these as a separate compliance project. Although there are differences, these rules are all fundamentally based on the work of the OECD. Fully embracing CCPA compliance today with an operationally sustainable approach built on a robust enterprise foundation will make it much easier – and less expensive – to comply with these other regimes.
- Customer experience will be enhanced significantly – By embracing data privacy rules like CCPA, organizations will be able to provide their customers with a much better experience around requests such as data access, erasure, and the right to opt out of personal data being sold. True data intelligence means the organization will know which systems customer data is sitting in, how the data is moving between systems, and where the data is geographically located for all data exchanges, including interactions with third-party data providers. It can provide a risk assessment of where the customer data is, and how it’s being used. A customer-centric approach reduces risk and enables the organization to respond to their requests quickly and effectively. Being able to do this builds trust with customers, which can become a key business differentiator.
- Data privacy compliance supports AI, ML, and IoT engagement – Studies show that most companies today will be engaging with AI, machine learning, and IoT at some point over the next five years. The impacts of these new technological approaches are expected to be transformative. As a result, governments, regulators, and legislators are all beginning to examine how AI, ML, and IoT interact with personal data. For example, the EU recently published new data ethics guidelines, which puts a strong focus on how personal data is used within these technologies. So, organizations that wish to work with these technologies need to get data privacy right – the financial and reputational cost of getting it wrong could be significant. Embracing CCPA is a good first step on this journey.
- Data intelligence is strategically important, and so is data privacy – Organizations are recognizing today that putting their data house in order is an essential first step if they want to evolve using AI, ML, and IoT tools and keep up with the pace of data-driven innovation. Personal information will fuel many of these new solutions, so making sure that this strategically important data is well managed just makes sense. Certainly, the CCPA is a new regulation, but it also encapsulates concepts and practices that are now widely accepted within the global data intelligence community. Many organizations had adopted the CCPA’s requirements long before it became law – they could see these practices were an intelligent way to proactively approach personal data management.
In short, CCPA is an opportunity for organizations to enhance their competitiveness through the benefits that real data intelligence can bring. CCPA is about far more than compliance with a new rule – organizations that do not think strategically about their personal data and its relationship to their data intelligence programs could soon find themselves left behind.
Senior Director of Privacy & Risk