Privacy advocates have long called for a federal privacy law and it’s coming…in the mean time, experts say complying with the CCPA will lay the groundwork for future compliance with a federal law.
Like revelers packing Times Square on New Year’s Eve waiting for the ball to drop, a close teeming crowd of organizations spent the waning moments of 2019 – with both trepidation and excitement – ringing in the California Consumer Privacy Act (CCPA), one of the strongest state laws safeguarding privacy and whose underlying tenets might eventually serve as the basis of federal privacy legislation.
Although technically the CCPA went into effect New Year’s Day, in reality regulators won’t begin enforcing the law for another six months, which means for many enterprises struggling to comply, July will be a very hot month indeed.
“CCPA will impact any business above a certain size that handles personal data relating to a citizen of the state of California irrespective of where that enterprise may be located,” says Steve Durbin, managing director of the Information Security Forum (ISF).
Facing the prospect that the CCPA will likely embolden other states to codify privacy protections as well. “We’ll have to wait and see but in much the same way that GDPR has far reaching effects outside the EU,” he says. “I would expect many other states to take action after a period of wait and see to determine the impact of CCPA.” A handful, including New York and Massachusetts already have crafted their takes.