California Consumer Privacy Act

From SI410
Revision as of 19:07, 6 February 2022 by Aimiah (Talk | contribs) (Involved Parties)

Jump to: navigation, search

A new law in California, known as the California Consumer Privacy Act (CCPA), allows consumers greater control over the personal information that businesses and organizations collect about them. This legislation was enacted in part as a response to customers' growing skepticism about how firms were handling their personal information, particularly in the wake of several high-profile security breaches at financial institutions [1]. However, even though it is only applicable to California residents, the law provides consumers with a number of important rights, including the right to know what information a business has on them and how it is used or shared, the right to have collected personal information deleted, the right to opt-out of the sale of collected personal information, and the right to avoid being penalized or discriminated against for exercising their CCPA rights. The law is only applicable to California residents. Business owners are also required to issue written notices to customers outlining their privacy policies [2]. Consumers and corporations both have a stake in this innovative legislation, which has a number of distinct stakeholders. Each side has strong beliefs about the law and how it affects their own best interests, and they are both right. It's also possible to compare the CCPA to other similar frameworks, which will provide a more objective perspective on the effectiveness of the law [3].

History

When the 2014 JP Morgan Chase data breach happened, the inner workings of the California Consumer Privacy Act were still in the early stages of development. Sensitive information of third parties was exposed for more than a month before the breach was discovered. Consumers were frightened by the amount of personal information that these huge organizations acquired, and their distrust in corporations increased significantly as a result [4].

Despite the fact that an early version of the CCPA was drafted in 2017, its implementation was delayed due to opposition to the law by institutional authorities such as big technology corporations. In 2018, a privacy advocate by the name of Alaistair Mactaggart worked with the legislature to reintroduce the legislation to the vote. The bill was effectively passed, and it represented a significant step forward in the protection of consumer data privacy [5]. It became formally effective and began to be enforced in 2020, with the official start date being in early 2020.

Personal Information

To begin, it should be emphasized that the CCPA's definition of "personal information" includes a broad range of technological data identifiers. Personal information is defined as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household” in the 2018 version of the CCPA [6].

According to the CCPA's definition of personal information, "information" does not have to be of a specific sort. As a result, both electronic data and paper files are subject to the jurisdiction of the CCPA. The definition of “personal information” concludes with the following statement: “with a particular consumer or household.” This means that the CCPA does not just apply to natural individuals, but also persons and properties related to them. A customer or a household is covered by the CCPA if any information about them is related to or associated with them. In light of the fact that the term "household" is not defined anywhere else in the CCPA, it is unclear what types of data can be categorized as "household" information [7].

The CCPA provides a collection of personal information examples that can be used to better understand what falls within its jurisdiction. Examples of this include, but are not limited to, the following [8]:

  • Real names, pseudonyms, addresses (physical and virtual), unique personal identifiers, email addresses and account names
  • Geographical Indications
  • Information pertaining to a professional or job situation
  • Information about commercial transactions, such as records of personal property, products or services acquired and contemplated, or other purchasing or consuming histories or habits
  • A consumer's browsing history and search history, in addition to information on the consumer's interaction with an Internet website, application, or ad
  • Inferences taken from any information found to develop a profile of a customer reflecting the preferences, traits, psychological patterns, predispositions, conduct, attitudes, intelligence, abilities, and aptitudes of the consumer

It is vital to remember that public information does not fall under the definition of "personal information" as defined by the CCPA. Due to the lack of a formal definition of what constitutes publicly available information, the interpretation is based on what financial institutions reasonably believe to be publicly available information [9].

CCPA Rights and Obligations

Stake Holders

Corporate Opinion

Consumer Opinion

Consumer Literacy

Similar Privacy Frameworks

References

  1. Davis, Lauren. "The Impact of the California Consumer Privacy Act on Financial Institutions Across the Nation." North Carolina Banking Institute, vol. 24, Mar. 2020, pp. 499+. Gale Academic OneFile, link.gale.com/apps/doc/A619741660/AONE?u=umuser&sid=bookmark-AONE&xid=fd7dd585. Accessed 28 Jan. 2022.
  2. Bukaty, Preston. The California Consumer Privacy Act (CCPA) : An Implementation Guide, IT Governance Ltd, 2019. ProQuest Ebook Central, https://ebookcentral-proquest-com.proxy.lib.umich.edu/lib/umichigan/detail.action?docID=5798680
  3. Das, Ravi. “Cybersecurity Risk.” Assessing and Insuring Cybersecurity Risk, 2021, pp. 112–115., https://doi.org/10.1201/9781003023685-1.
  4. Davis, Lauren. "The Impact of the California Consumer Privacy Act on Financial Institutions Across the Nation." North Carolina Banking Institute, vol. 24, Mar. 2020, pp. 499+. Gale Academic OneFile, link.gale.com/apps/doc/A619741660/AONE?u=umuser&sid=bookmark-AONE&xid=fd7dd585. Accessed 6 Feb. 2022.
  5. Baik, Jeeyun (Sophia). “Data Privacy against Innovation or against Discrimination?: The Case of the California Consumer Privacy Act (CCPA).” Telematics and Informatics, vol. 52, 2020, p. 101431. Crossref, https://doi.org/10.1016/j.tele.2020.101431.
  6. Baik, Jeeyun (Sophia). “Data Privacy against Innovation or against Discrimination?: The Case of the California Consumer Privacy Act (CCPA).” Telematics and Informatics, vol. 52, 2020, p. 101431. Crossref, https://doi.org/10.1016/j.tele.2020.101431
  7. Bukaty, Preston. The California Consumer Privacy Act (CCPA) : An Implementation Guide, IT Governance Ltd, 2019. ProQuest Ebook Central, https://ebookcentral-proquest-com.proxy.lib.umich.edu/lib/umichigan/detail.action?docID=5798680.
  8. Bukaty, Preston. The California Consumer Privacy Act (CCPA) : An Implementation Guide, IT Governance Ltd, 2019. ProQuest Ebook Central, https://ebookcentral-proquest-com.proxy.lib.umich.edu/lib/umichigan/detail.action?docID=5798680.
  9. Davis, Lauren. "The Impact of the California Consumer Privacy Act on Financial Institutions Across the Nation." North Carolina Banking Institute, vol. 24, Mar. 2020, pp. 499+. Gale Academic OneFile, link.gale.com/apps/doc/A619741660/AONE?u=umuser&sid=bookmark-AONE&xid=fd7dd585. Accessed 6 Feb. 2022.