Officially passed by the Governor of California, Jerry Brown, and the California State Legislature on June 28, 2018, the California Consumer Privacy Act aims to enhance privacy rights and consumer protection for California residents. Finally arriving, the bill will become effective on Jan. 1, 2020.
With the CCPA on the immediate horizon, technology companies have significant work to do as they head into the new year and the demands of regulatory compliance for customer data become real. Some companies are already prepared.
For example, global companies that have already taken steps to become GDPR-compliant will take their privacy and security a step further under the CCPA. This new legislation will simply represent a new set of rules they can add to their existing compliance frameworks.
On the other hand, for organizations that haven’t yet considered their compliance strategy — like many Silicon Valley startups and SMBs — the process will likely be costly and time consuming. Similar to when GDPR was enacted, a number of companies will find themselves scrambling to become and remain compliant. While this may be difficult, there are some actions businesses can take to mitigate time, expense and, most importantly, to avoid accidental data compliance transgressions.
Cloud Platforms Help Make Compliance Easier
The onset of consumer data protection laws like GDPR and CCPA have compelled the big cloud platform players to develop new services and capabilities, as well as provide guidance to their customers in order to ensure compliance. This is an example of how changes in the regulatory environment are driving evolution to make the cloud even more attractive to businesses of all sizes. Cloud-based companies are going to find that it’s easier, less time consuming and less expensive to not only become compliant, but to maintain that level of compliance.
Data Compliance in the Age of Bots and AI
While chatbots and virtual assistants offer many benefits, they also create business, legal and ethical challenges. California has already put a new law on the books this year that requires companies to disclose to consumers whenever they are interacting with a non-human agent or “bot”. This was done in the spirit of consumer protection, of which the CCPA is but another manifestation. Further, the California Attorney General’s office has identified six concepts—transparency, choice, reasonable security, limit collection and retention, sensitive data and reasonable expectations—as privacy principles.
The growing number of companies using bots within their customer experience has implications to consumer data privacy compliance, as more companies are now storing and processing data from customer interactions in order to make these autonomous systems work.
For companies that use customer data to train and operate conversational bots, data compliance will be more complicated and challenging. The need to protect privacy and anonymity, as well as comply with data deletion requests, will put new demands on AI-driven systems that make conversational bots work.
With the onset of CCPA, data compliance and regulatory environments will become increasingly complex and enterprises will need to formulate and execute on a plan to determine how to handle security and data issues that arise. For example, many organizations are hiring for C-level executive roles, or creating committees, that are responsible for the compliance of these regulations and the impact on customer data.
We have yet to see how the changing regulatory environment will influence the growth of bots that feed on customer data, but there surely will be an impact.
Personalization and Data Compliance
The desire to create better customer experiences through greater and more precise personalization is at the top of the list when it comes to new IT projects in 2020. However, companies rely on customer data to create and continually improve the efficacy of these personalized experiences. This means that there’s going to be ongoing tension between the push for data-driven personalization and the requirements on customer data imposed by the regulatory bodies.
While global organizations that are currently adhering to GDPR laws will likely notice little change in their practices, industry experts warn that the CCPA threatens many technology companies and small businesses by disallowing what the industry calls “third-party behavioral profiling”: the result of which could have a big financial impact on California businesses that use ad retargeting to sell more products.
Beyond hiring and implementing internal committees, enterprises should focus on installing protocols and data management frameworks to ensure the company’s data and technology complies with laws like GDPR and CCPA. Companies that strictly follow government regulations and are mindful of consumer regulations will likely be the most well-received, and therefore, the most successful.
Data is a powerful tool. As technology rapidly advances, enterprise data capabilities have developed far beyond what we previously imagined was possible. As companies continue to hone in on digital transformation, it results in an endless supply of stored data at every turn and in every department.
In our modern world of digital businesses, companies will need to consider the impact that the CCPA will have on a variety of sectors of the business, from marketing to IT. Conversations around data privacy and user rights are at the forefront of industry discussions, and technology companies that don’t prioritize this can expect negative feedback and repercussions from consumers and government organizations alike.
This article originally appeared in Information Management.