A few years ago the CCPA passed in California. This was the first large scale effort in the US to provide some legislative action on data privacy in the wake of the GDPR taking effect in the EU. While there have been some actions under the CCPA, it didn’t seem to have as much of an affect on how data is managed as the GDPR did.
However, in November 2020, the citizens of California passed Proposition 24, which was seen as a CCPA 2.0. This expands data privacy laws and allows consumers to direct businesses not to share their information.
To me, this is a good trend in that consumers want more say in how businesses use their data. Unlike a law passed by a legislature, consumers would have to amend this in another vote. This places a greater burden on businesses, both to handle data more carefully, but also to ensure more cybersecurity. I think this just requires business to stop giving lip services to these items and actually back up what they claim they want to do.
I also like that consumers have new rights, which is important. I’ve been dealing with the GDPR at Redgate Software for a few years and this hasn’t been overly burdensome to many businesses. It is work, but often many companies have played fast and loose with consumer data in the past, and now they need to respect their customers’ rights more.
I wish this type of regulation were in place across the entire US, and I hope it becomes a focus in the future. While this can raise some costs, it also requires good practices for data handling and security, something that most of us want from every company. If you need to use data, protect it.