Privacy advocates have long called for a federal privacy law and it’s coming…in the meantime, experts say complying with the CCPA will lay the groundwork for future compliance with a federal law.
Like revellers packing Times Square on New Year’s Eve waiting for the ball to drop, a close teeming crowd of organizations spent the waning moments of 2019 – with both trepidation and excitement – ringing in the California Consumer Privacy Act (CCPA), one of the strongest state laws safeguarding privacy and whose underlying tenets might eventually serve as the basis of federal privacy legislation.
Although technically the CCPA went into effect New Year’s Day, in reality, regulators won’t begin enforcing the law for another six months, which means for many enterprises struggling to comply, July will be a very hot month indeed.
“CCPA will impact any business above a certain size that handles personal data relating to a citizen of the state of California irrespective of where that enterprise may be located,” says Steve Durbin, Managing Director of the Information Security Forum (ISF).
Facing the prospect that the CCPA will likely embolden other states to codify privacy protections as well. “We’ll have to wait and see but in much the same way that GDPR has far reaching effects outside the EU,” he says. “I would expect many other states to take action after a period of wait and see to determine the impact of CCPA.” A handful, including New York and Massachusetts already have crafted their takes.
“We are still nowhere near a consistent approach to privacy and personal information usage in the United States and I do not anticipate this changing with a federal regulation any time soon,” says Durbin, though a proliferation of state laws will likely nudge Congress toward acting on the national level.
He points to “a very real need for a federal law to avoid states introducing their own variations and interpretations on privacy which adds a further compliance burden to already overstretched businesses looking to understand and comply with their obligations across the various regions in which they are transacting business.”
Indeed, the notion of a national law has gotten a boost from tech giants like Apple, Google and Facebook. “Tech CEOs have been very vocal in their support,” says Baffle cofounder and CEO Ameesh Divatia.