It's January 2020, and California has become the first US state with a comprehensive consumer privacy law: the California Consumer Privacy Act (the “CCPA”).
The CCPA gives California residents new rights when it comes to how their personal information is collected, processed, used, disclosed or retained by companies. It follows the global trend towards stricter privacy laws with very real teeth (think the GDPR in Europe).
Companies in California that fall under the scope of the CCPA will have duties and obligations when it comes to any personal information they use. And it’s not going to be cheap: according to preliminary estimates in the Standardized Regulatory Impact Assessment for the CCPA, it will cost California businesses a total of $467 million to $16,454 million to comply with the regulation (and this number does not account for the general compliance costs associated with the underlying CCPA law, just the big regulatory changes companies will need to adapt to).
If you do business in California and you’re using real data to train your models, you should be worried. Obligations under the CCPA may expose your business to substantial risk. And this is just the beginning, as domestic privacy legislation in the United States starts to unfold in the wake of the CCPA.
So what should you watch out for?
These are five key CCPA requirements that may cause the biggest impact:
- The CCPA creates new consumer rights to data access and erasure/deletion;
- The CCPA gives consumers the right to opt out of data selling, and this option has to be clear and conspicuous;
- Companies will need to do a data inventory and mapping of in-scope personal data and instances of “selling” data;
- Companies will need to update their service-level agreements with third-party data processors; and
- Companies will need to remedy any information security gaps and system vulnerabilities to meet the new higher standards of the CCPA.
If you have any questions, reach out. We’ll be happy to talk about how using synthetic data can eliminate any data privacy concerns.
Here is a basic breakdown of the rest of the CCPA:
Berkeley Economic Advising and Research, LLC, Standardized Regulatory Impact Assessment: California Consumer Privacy Act of 2018 Regulations (2019).