Businesses collect and evaluate vast amounts of customer data to better understand their market, identify opportunities for growth, personalize marketing campaigns, and improve their products and services. However, consumers have become increasingly wary about how much of their data is being collected and how that data is being used.
In a recent KPMG survey of U.S. consumers, 86 percent said data privacy is a growing concern for them, and 88 percent said corporations should provide more transparency about their data protection processes. Other studies suggest those concerns are entirely justified.
More than 15 billion password and username combinations — more than two for every person on the planet — are now in circulation in cybercriminal marketplaces such as the dark web, according to research from Digital Shadows. That’s roughly a 300 percent increase since 2018.
To regain customer trust, companies should take steps to demonstrate compliance with data privacy legislation such as the two-year-old California Consumer Privacy Act (CCPA). The act, which went into effect on Jan. 1, 2020, places significant limitations on the collection and use of a consumer’s personal information, and it gives consumers more control over how their personal information is used.
Although the CCPA is state legislation, it has global reach. It applies to any business that collects data from California residents, regardless of where the business is physically located. In the absence of federal data privacy protections, several other states have followed the California model. Virginia, Indiana, Wisconsin and Colorado have enacted data privacy laws, and at least 38 other states, including Delaware, introduced consumer privacy legislation in 2021.
Although there are variations from state to state, these bills all tend to emulate the California law’s establishment of a series of consumer rights. The CCPA specifically gives consumers the following rights:
• The right to know. Businesses are obligated to inform customers upfront that their personal information is being collected, which categories of information are being collected and the purpose of the collection.
• The right to disclosure. Upon receipt of a verifiable request from a customer, businesses must disclose what personal information they have collected on them in the previous 12 months.
• The right to be forgotten. Businesses must delete customers’ personal data upon request, although there are some exceptions.
• The right to opt-out. Consumers can ask businesses not to sell their personal information to third parties.
• The right to equal services and prices. A business may not discriminate against consumers who exercise their rights under the CCPA by denying goods or services or charging a different price or rate for them.
Failure to comply can result in fines of up to $7,500 per violation, which can quickly add up when you consider that data breaches typically involve tens of thousands of unique records. Beyond the fines, breaches can also result in civil lawsuits, lost customers and damaged reputation.
Of course, companies should not view data protection as just a way to avert negative consequences. It also creates important business benefits by building trust and loyalty with customers, mitigating losses from data breaches, improving efficiency and enhancing data analytics.
At SSD, we recognize that achieving and maintaining compliance with data privacy regulations can be a resource-intensive process, particularly for organizations with limited in-house staff and expertise. Our data protection experts can help you understand and comply with the myriad government and industry regulations that mandate data security and privacy. We can also manage your IT environment on an ongoing basis, applying encryption, authentication, identity management and data loss prevention solutions that protect sensitive data.
Give us a call at 302-472-2204 or schedule an appointment online to learn more about ensuring the privacy of your customer data.