May 18, 2019
Financial services firms are grappling with the challenges of CCPA, California's impending privacy regulations. Here's how to develop a compliance roadmap.
When the first customer calls from California on Jan. 1, 2020, to inquire about personal data, will your bank know what to do? For most, the answer is no.
Banks and financial services firms around the world are grappling with compliance challenges as the start date draws closer for the California Consumer Privacy Act (CCPA). All companies that do business in California, regardless of where they’re based, are required to comply. The real key isn’t just preparation, however; it’s execution.
The scope of CCPA’s groundbreaking regulations is broad. It gives every Golden State resident the right to opt out of data collection, including household details, browsing and purchase histories, and geolocation points. Consumers can also request that all paper records be deleted, and are entitled to receive, upon request, a record of their data that’s been collected and sold. Consumers who exercise their rights under the CCPA can’t be given lower levels of service.
Given the sweeping provisions, there’s significant confusion. It’s easy to misunderstand CCPA in light of the European Union's General Data Protection Regulation (GDPR), the comprehensive law that took effect in May 2018. We’ve heard companies mistakenly say they prefer to focus on GDPR, or that they’ll simply apply the preparation they undertook for GDPR to CCPA.
Yet the two laws differ. For one, GDPR stipulates that companies have a “legal basis” for collecting and using personal data. Additionally, a privacy notice that meets GDPR criteria likely won’t satisfy CCPA.
Noncompliance with CCPA is potentially costly. Fines are capped at $7,500 per violation. A penalty affecting the data of, say, 100,000 customers risks putting a company out of business.
While your organization can’t just dust off the work it did for the GDPR and emblazon CCPA across the front, it can leverage the teams, action plans and structures it has already put in place.
Building a compliance roadmap starts with the following assessments:
Consumer interest in personal data protection is rippling through every industry. While interest in trust and transparency is especially keen in the information-intensive banking industry, it’s also affecting insurers, healthcare providers, and communications and media companies. Only 48% of people in the U.S. say they trust businesses, falling from 58% last year. With its emphasis on transparency and responsiveness, CCPA has the potential to make or break companies’ reserves of consumer trust.
CCPA should be a wake-up call – make that a trumpet blast – for banks. The bar is set for banks to demonstrate that they value consumers’ privacy not just because it’s law but also because consumers want it.
Be ready when that first call comes in 2020.
To learn more, please visit our CCPA for Banking website.