Thought Leadership

Data Security: What Does the CCPA Mean for Your Business?

Endre Jarraux Walls
Chief Information Security Officer, Customers Bank

ccpa tl

As our world becomes more digital, government agencies and businesses alike are being confronted with questions about consumer data. What’s being collected? How is it being used? Is the data secured? Answers have varied, and haven’t always been transparent. In response to the ever-growing and complex world that is the internet and data collection, the California Consumer Privacy Act of 2018 (CCPA) was passed and went into effect on January 1, 2020.

If you are a business owner or IT decision maker, you’ve likely already taken steps to ensure that your business, website and data collection procedures are in compliance with the CCPA. And things are still in motion- lawmakers and CCPA advocates are working on a new round of privacy regulations. These additional regulations could create a distinct agency to enforce the laws and create an opt-in system for consumers under the age of 16. The new round of regulations could further restrict the use of what the initiative calls “sensitive personal information,” which includes data such as location, health status and sexual orientation. This means business owners and technology leaders should stay tuned as additional developments are debated and implemented.

Are you feeling overwhelmed? While all the changes and new compliance measures can make your head spin, I see this as a big opportunity for business leaders and decision makers to rethink their approach to data collection and security. The response to the CCPA should not be a band-aid approach that simply checks the box. Instead, business owners can leverage this moment and answer the shift in the law with strategic change. Strengthen the security of data and strengthen trust with consumers.

The changes required to make your business compliant with the CCPA can offer guideposts for establishing sustainable processes that support the health of your business. For example, desensitizing information and using pseudonymization or anonymization can be a simple and effective approach that would, in essence, render all information useless to data miners.

I’ve read many articles about the business expense – both money and time – that the CCPA will have for businesses. I’d argue that the cost is inevitable, though. Whether in response to the CCPA or the increasing consumer demand for data security and digital transformation, businesses will need to move toward investing in their data infrastructure and strategies that allow all the functions of a business to operate seamlessly together. Our new normal includes a heavy emphasis on the digital economy. Companies that accept and adopt an offensive strategy will remain competitive, while those that choose to hold out may not survive.