It’s October. That means it’s National Cybersecurity Awareness Month, which emphasizes personal accountability and the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. This year’s theme – Own IT. Secure IT. Protect IT. – puts the focus on topics such as citizen privacy, consumer devices and ecommerce security.
To protect their privacy and security, individuals need to understand their rights and recourses. That is a challenge in today’s dynamic technology and regulatory environments.
The good news is that individuals are gaining more control over the ownership of their data. And that will enable people to take a more active role in protecting their privacy.
GDPR set the stage for legislation in the U.S.
The General Data Protection Regulation is the most high-profile development on the personal data front. GDPR, which took effect in May of 2018, gives European Union residents more control of their personal data. Under GDPR, businesses:
- can only collect data required for the efforts to which people have agreed
- must explain why they collect the data that they do
- have to disclose with which other organizations they share users’ personal data
- are required to alert EU residents within 72 hours of a breach impacting their data
- need to correct, delete and/or provide lists of their data at their customers’ request
GDPR – and the Equifax breach and the Facebook-Cambridge Analytical scandal – have prompted legislators and regulators elsewhere on the planet to address cybersecurity and personal data privacy, too. The California Consumer Privacy Act was one of the new regulations that emerged as a result.
California’s new consumer privacy act is nearly here
This ground-breaking law takes effect Jan. 1, 2020.
It applies to academic, biometric, employment, geolocation and internet browsing data. It also impacts data indicating what products individuals have looked at or purchased, as well as inferences drawn to create personal profiles indicating preferences.
The CCPA will:
- give California residents the right to demand that companies disclose what personal data they have collected about them
- enable Golden State consumers to ask companies to delete their personal data
- allow individuals there to forbid companies to share personal data with third parties