The Changing Landscape: Preparing Your Company | Netchex

The last few years have seen a significant shift in privacy—and the next few years are guaranteed to see more efforts on that front.

As previously discussed, California has set the bar high with several specific requirements for businesses. Many states modeled their legislative attempts after the CCPA, while others chose to follow the lead of GDPR.

In either case, trends have emerged that are likely to be prominent as states move forward. It behooves companies, organizations, and other private sector entities to start preparing for the future now.

The primary goal of states’ legislative efforts is to give consumers control over their own information. Businesses have been collecting data on consumers through a variety of means for several decades with practically no rules for how they safeguard, use, or distribute that information. The individual has had no say in how their personal information spreads across web and makes its way into the hands of unscrupulous and malicious people. States are finally attempting to empower consumers with rights to control their own information.

The definition of personal information is clearly expanding. Whereas, it used to be name, social security number, address, and other basic information to identify a person, many states are now broadening it to include less obvious indicators, such as IP addresses, biometric data, internet activity, etc.

One key element of giving consumers control over their information is the right to opt out. The individual must have the ability to tell an organization that they do not allow their information to be distributed. State legislators are defining distribution more broadly. For example, under the California law, “selling” is defined as selling, renting, releasing, disclosing, trading for monetary or other valuable consideration, disseminating, making available, transferring and, lastly, communicating orally, in writing, or electronically. Other states define may define it differently, but the trend is present across most states.

The last emerging trend is the private right to action. Several states are permitting the individual to skip the bureaucracy of consumer agencies and take a business straight to court when a violation of their privacy has occurred. State attorneys general and other offices are unable to handle the workload, so in most cases, the states are skipping the middleman. As one might imagine, class action attorneys are salivating at the idea.

It is also worth noting that state privacy laws are reaching across borders. Businesses with data on California consumers, for example, are obliged to comply even if they are in Florida. The same will apply for other states.

While the specifics may vary, the general direction is clear. States are taking control of privacy matters from businesses and putting them back into the hands of consumers. Now is the time to prepare for these changes whether they get voted into law in 2020 or beyond.

Netchex Not Impacted by SVB & Signature Bank Closures