Skip to Content

Pivoting for privacy

Capgemini
2020-07-20

Back on January 1, 2020, the California Consumer Privacy Act (CCPA) transformed online privacy as we know it. The newly adopted laws have a long runway – organizations have 24 months from adoption until penalties can be levied – but businesses that are taking a wait-and-see approach may be putting themselves in the back of the pack.

So, what exactly is the CCPA?

The CCPA is a comprehensive privacy law that streamlines data-protection requirements across the state of California and addresses the export of personal data. The new policy is very similar to the EU’s General Data Protection Regulation (GDPR) that went into effect last spring.

Like the GDPR, the CCPA aims to give consumers more control over their personal data while simplifying the regulatory environment for businesses operating within the state of California. The law is expected to have a profound impact on the way businesses collect and protect personally identifiable information (PII) from consumers, with ramifications that likely will spread far beyond the borders of the Golden State.

In sum, the law creates new rights for California residents regarding access, deletion, and sharing of their PII. Here are some specific answers to some common CCPA questions:

  1. What data is covered by the law?
    The statute covers any data at all that can identify you as an individual. This includes names, addresses, phone numbers, email, etc.
  2. Who does the law cover?
    While the CCPA applies to California residents, it is also extended to prospective customers, employees, and even vendors and suppliers who operate in the state.
  3. Which businesses must comply with the law?
    Beyond just businesses in California, the law applies to any organization that does business with any individual protected by the CCPA. In reality, this means that the CCPA will have a far-reaching impact throughout the US, North America, and the world.

Why compliance is a value driver

Organizations have a long time to get ready for CCPA compliance – 24 months. While two years seems like a lot of time to prepare infrastructure, processes, and people, it is actually an extremely tight deadline.

Financially, non-compliance penalties can be severe: $2,500 per unintended violation and $7,500 per intended violation. These fines pale in comparison to the punishment levied by the GDPR, but, in a situation where an organization is committing multiple infractions, this can add up quickly.

Worse still, however, is the erosion of customer trust that would come from a violation. Trust and loyalty are the most valuable capital an organization can hold and losing these can be catastrophic. People are very defensive when it comes to their information, and it would behoove companies to prepare for CCPA compliance as early as possible to maximize this trust.

What should you do?

So, whether you have started preparing for CCPA or not, what is your next move? Luckily, I was able to share my thoughts on the matter with eCommerce Times.

Make sure to check out my CCPA prep list, and please reach out with any questions.

Spencer Lentz

Principal – Digital Customer Experience | AI & Digital Process Automation
I am passionate about helping our clients use technology to make better decisions so their people may work more efficiently.
As a Principal in Capgemini’s Pega Practice within the Digital Customer Experience (DCX) group, I work with leaders of major industries. My focus is to grow the portfolio of Capgemini’s solutions in artificial intelligence, digital process automation, and digital customer experience.
I am an expert at navigating the complicated worlds of AI and digital transformation. I help clients understand emerging technologies and platforms to achieve their business goals. I deliver high-level support across sales and marketing, customer service, field service, and sales automation. I scale innovation and digital transformation capabilities for companies and often design and run their automation and innovation centers of excellence.
Recent work includes
Adaptive recommendation engines for sales and marketing
Consumer data-privacy solutions for automation
Augmented reality for field-service engineers
Network-deployment management platforms
Complex event-processing engines for network monitoring
Customer-care optimization and proactive issue resolution
Recall management for auto and manufacturing.
And another thing…
Before joining Capgemini, I worked in various industries, serving as a Technical Consultant for a segment of the retail market, a Senior Manager for a broadband transformation company, and a Program QA Manager for a major media and entertainment company.