California Privacy Law - Compliance Policy
California Privacy Law address concerns raised by many users
California Privacy Law - Compliance Policy - Mandated privacy requirements are designed to protect the individual's privacy from unwarranted invasion, to make sure that personal information in possession of an entity is properly used, and to prevent any potential misuse of personal information in the possession of that entity. This policy establishes the processes and procedures, and assigns responsibilities, for fulfilling mandated privacy requirements.
California Privacy Law will not be required until 2020. However, its effect is being felt almost immediately. Companies like Google and Facebook will be severely impacted and may have to change their business models. At the same time, any enterprises doing business with California residents will have to begin to modify the way they collect, maintain, and use data that falls under the privacy regulations.
Not to be undone, several other states are already looking at creating their own “unique” sets of mandates for the privacy of consumer data that is available on the Internet. The likelihood there will be requirements in addition to the California Privacy mandate is high. At the same time, the GDPR mandated requirements are even more stringent.
California Privacy Law Mandates – What is required?
The law defines a consumer's Right to Privacy. The right to privacy has been mandated for implementation in 2020. There are five legs that the law addresses. They are:
- The right to know what personal information is being collected about them.
- The right to know whether their personal information is sold or disclosed and to whom.
- The right to say no to the sale of personal information.
- The right to access their personal information.
- The right to equal service and price, even if they exercise their privacy rights.
Janco has translated that into the following set policies which all enterprises will have to follow:
- Consumer’s Right to Know Information that Has Been Captured<
- Consumer’s Right to Have Data Removed
- Consumer’s Right to Know How Data is Used
- Consumer’s Rights to Data That is Sold
- Consumer’s Rights to Stopping the Sale of Data
- Consumer’s Rights to Not be Discriminated Due to Opt Out
- Enterprise Reporting Requirements
- Enterprise Internet and WWW requirements
GDPR Mandates – More extensive than California’s
The General Data Protection Regulation (GDPR) sets specific compliance requirement on how your business does business with enterprises and individuals in the EU.
The EU requires that enterprises need to have consent or legitimate interests to use personal data. Whether you rely on consent or legitimate interests for your marketing, you need to do similar things to make sure you are GDPR compliant:
- Be clear with individuals why you need their data at the point of collection
- Always use clear and concise language appropriate for your target audience
- Provide information at the point the data is collected. It cannot be hidden in small print.
- Give individuals control over their data. They should be able to decide whether to share their personal data with you or not.
- Under the GDPR principle of accountability, you should be able to demonstrate that you are compliant. This means recording the legal grounds for processing an individual’s personal data.
Janco’s Privacy Compliance Policy
Recently Janco released its Privacy Compliance Policy which addresses all of these issues.