How CCPA May Impact the Future of Public Records Management
Businesses all over the world have been scrambling to make major changes to their records management practices—driven by a new law in California.
The California Consumer Privacy Act (CCPA) creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by any company that does business in California. This means that if a customer in California orders and receives a product or service from a company headquartered in Germany, that German company must comply with CCPA.
How are Governments Impacted by CCPA?
Government organizations are currently exempt from the CCPA. However, agencies must recognize that their own collection and use of personal data may put them in challenging positions as data privacy rules change. In fact, many states across the nation are already introducing bills—or have even enacted laws—regarding data privacy.
Local governments around the country are already collecting and retaining personally identifiable information (PII), and in some cases, selling it:
- The Los Angeles Department of Transportation receives geodata from thousands of dock-less scooters available for use around the city.
- The California Department of Motor Vehicles generates $50 million in revenue for selling drivers’ personal information.
What Local Governments Can Learn from CCPA
Local governments will need to prepare for the very possible future of changing their public records management practices as constituents become more mindful about how their personal information is used or shared.
More bills may even take inspiration from CCPA, which enables California consumers to:
- Demand all information the company has collected and saved on them in the past 12 months.
- Demand the deletion of their data.
- Learn how their data is processed.
- See a list of all third parties who may have access to their information.
- Opt-out of the sale of their personal information to third parties.
- Sue organizations if the privacy guidelines are violated, even if there is no breach.
A major criticism of the CCPA is that it excludes California state and local governments’ collection and use of personal information. This doesn’t mean agencies are off the hook. There’s already discussion on applying similar controls to California governments.
And with the governor signing five amendments to the CCPA just months from its enforcement date, it proves that data privacy laws are constantly evolving and can shift at a moment’s notice.
To learn how your agency can better prepare itself for data privacy laws like CCPA, read our guide, How CCPA Impacts Public Records Management.
Share this post!
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.