Last week, the State of California passed new legislation to protect the rights of Californians when it comes to data privacy and security.
Similar to the EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act 2018 (AB 375) focuses on providing Californian consumers with control over their personal data. When it takes effect, in January 2020, it will be the strictest data privacy law in the United States.
- The right to know what personal data has been collected
- The right to opt out of the sale of your personal data
- The right to have your personal data deleted
- The right to know which categories of data are collected, prior to its collection, and be informed of any changes to this collection
- The right to know the category of any third party with whom your personal data is being shared
- The right to know the categories of sources of information from whom your data was acquired
- The right to know the business or commercial purpose of collecting your information
- The right to take legal action when an organization breaches personal data
Who does AB 375 apply to?
The law applies to for-profit businesses that do business in California and either:
- Have annual gross revenue of $25 million or more;
- Collects, sells or shares for commercial purposes the personal information of at least 50,000 consumers, households or devices; or
- Derives at least 50% of its annual revenues from selling consumers’ personal information.
The law also applies to affiliated, co-branded entities of businesses that meet the above criteria, even if the affiliate doesn’t do business in California.
So how can organizations prepare for the January 2020 deadline?
The Egress platform is a data privacy and risk management solution that helps organizations comply with data privacy regulations, including AB 375. With its intelligent, user-centric approach to data security and compliance, the Egress platform helps organizations secure data, manage risk and audit email usage. Building on a decade’s experience working with Government, Healthcare, Defense and Private Sector organizations with complex compliance challenges, the Egress platform supports millions of users globally as they interact with sensitive content daily.
Egress helps organizations comply with AB 375 by enabling users to:
- Easily fulfil personal data search requests
- Pinpoint customer data within emails, and delete it
- Rapidly discover sensitive PII data within email systems
- Automatically classify and label sensitive email data
- Prevent email mis-delivery and alert users to potential mis-addressed emails to proactively prevent data breaches before they happen
- Enable secure sharing of sensitive emails and attachments both internally and externally, utilizing automated, policy-based encryption
- Provide detailed reports to prove that sensitive data is being protected as it is shared and stored
- Detect data breaches in real time including built-in reporting for notifying authorities
- Integrate with Microsoft Office 365 and Google G Suite, as well as other hosted, on-premise and hybrid deployments
California has long been a driving force in US data protection regulations and was the first state to introduce legislation on data breach notifications and website privacy policies. We can now expect many states to follow suit. With Egress, companies can both ensure that sensitive data is processed securely, and proactively detect and prevent accidental and malicious sends, to help companies comply with regulation AB 375 and prevent violations in the future.