General Data Protection Regulation (GDPR) continues to a force to be reckoned with. Although the GDPR is focused on protecting the privacy of European Union (EU) citizens, companies all over the world need to be ready to meet the standards set forth by GDPR. This includes companies large and small. The main teeth behind GDPR are penalty 4% of total annual income or €20 million (which event is higher) per infraction. Ouch!
This week Facebook was hit with three privacy lawsuits including one directly related to GDPR. Below is an excerpt from a recent Techcrunch article.
“First came a probe by the Irish data protection authority looking into the breach of “hundreds of millions” of Facebook and Instagram user passwords that were stored in plaintext on its servers. The company will be investigated under the European GDPR data protection law, which could lead to fines of up to four percent of its global annual revenue for the infringing year — already some several billions of dollars.
Then, Canadian authorities confirmed that the beleaguered social networking giant broke its strict privacy laws, reports TechCrunch’s Natasha Lomas. The Office of the Privacy Commissioner of Canada said it plans to take Facebook to federal court to force the company to correct its “serious contraventions” of Canadian privacy law. The findings came in the aftermath of the Cambridge Analytica scandal, which vacuumed up more than 600,000 profiles of Canadian citizens.
Lastly, and slightly closer to home, Facebook was hit by its third investigation — this time by New York attorney general Letitia James. The state chief law enforcer is looking into the recent “unauthorized collection” of 1.5 million user email addresses, which Facebook used for profile verification, but inadvertently also scraped their contact lists.”
As these lawsuits demonstrate, no company is above the law and new regulations. It will be critical for companies small and large looking to tackle those standards required by GDPR finding companies like RIVN to help. RIVN brings purpose-built API functionality to the table to support these types of challenges. For digital marketer and legal teams the greatest hurdle specific function of the “Deleting” a consumer data.
Contemporary organizations are searching for solutions and companies such as RIVN have stepped up to meet this need with an easy to use SAAS based single function that allows brands worldwide to meet business needs and be ready for what is next.
With the California Consumer Protection Act (CCPA) going to affect January 1, 2020 lots of companies are rushing to get their systems in place to ensure compliance. The team at Data Privacy Monitor recently posted an article about the top questions they have received which can be found here. They posted the Top Ten questions they have received.
Here are some of the new details of the proposed bill. It should be noted the refuse to deletion has gotten stricter:
Renames the California Consumer Privacy Act of 2018 as the Privacy for All Act of 2019
Requires an affirmative opt-in consent by consumers for sharing of personal information
Businesses can only delay, but not refuse, a consumer’s right to delete data for so long as reasonably necessary for one of the exceptions to no longer apply
Increases transparency obligations regarding data sharing activities, including specifics of personal information shared and the entities with whom personal information is shared
Increases diligence requirements for service providers and narrows the safe harbor for service provider violations
Makes fundamental changes to a consumer’s private right of action and other statutory damages, increasing potential exposure and liability to businesses
For the deletion function, this is where RIVN is here to help companies get ready for CPPA. For digital marketer and legal teams, the greatest hurdle may be the “Right to Erasure/Deletion” function itself. Contemporary organizations are searching for a module-based solution such as RIVN to step up to meet this need with an easy to use SaaS-based single function that allows brands worldwide to meet business need and be ready for what is next.
In recent years new regulations in California (CCPA) and Europe (GDPR) have garnered lots of headlines. However, it is important to note the countries around the world are creating, updating and enforcing lots of privacy laws to protect their citizens. One example in a recent article was published is an update to Japan’s Act on the Protection of Personal Information (“APPI”) found here.
credit : HR Privacy
Similar to the other regulations the ability to delete customer data is critical.
“The APPI requires that a business operator strive to keep personal data accurate and up to date within the scope necessary to achieve a utilization purpose and to delete the personal data without delay when such utilization has become unnecessary. A business operator may also be required to correct personal information that a principal demands be corrected.”
When it comes to the digital deletion activity that is where RIVN is here to help companies get ready for CPPA, GDPR, AAPI. For digital marketer and legal teams, the greatest hurdle may be the “Right to Erasure/Deletion” function itself. Contemporary organizations are searching for a module-based solution such as RIVN to step up to meet this need with an easy to use SaaS-based single function that allows brands worldwide to meet to business need and be ready for what is next.
While companies operating in or selling to California citizens are preparing for the California Consumer Protection Act (CCPA) a few key areas should be re-examined by marketers. First, taking a step back it is important to understand if your company will be required to meet the standards that CCPA requires.
Which include the following:
Businesses with annual gross revenues of at least $25 million
Data brokers and other businesses that buy, receive, sell, or share the personal information of 50,000 or more consumers, households, or devices
A business that gets the majority of its annual revenue from selling consumers’ personal information.
With these mandates in place, it is easy to show that the vast majority of businesses will need to prepare for CCPA. While several legal teams, companies, and consultants have used fear tactics to drive change, which is fair and reasonable. It is also important for companies and specifically for marketers to think about what they change to meet the CCPA requirements. In a recent Litmus article found here they walk through a few key steps at we at RIVN have found valuable:
Reconsider whether you want to use third-party data. The CCPA gives consumers the right to know “the categories of sources from which the personal information is collected.” If your company is buying third-party data beyond what is publicly available about your customers or prospects, it will eventually come to light via a CCPA request. If your company would be uncomfortable explaining that to customers, then you might want to halt the practice.
Reevaluate the data fields on your forms and profiles. The CCPA is part of a clear shift toward data transparency that spurs businesses to make greater use of data that is collected directly from their customers. Is there information that you’re currently getting via third-parties that you could ask customers and prospects for directly? Longer forms increase abandonment rates, but smart progressive profiling at the right moments can maximize completion rates.
Only collect data that you have a clear immediate use for. Data is power, but it’s also increasingly a liability. Limit that liability by being selective about what data you save, particularly when it comes to personally identifiable information (PII).
Create a mechanism that can delete a consumer’s information, when requested. Both CCPA and the GDPR stipulate that consumers have the right to be forgotten and request that any data your company has on them be deleted. There are some caveats on what data a business can retain for legal, compliance, and business reasons, but a mechanism must exist to quickly delete all other information about a consumer.
Don’t sell information about your customers or users. If you’re going to sell user information to other companies, the CCPA requires you to keep a record of all sales for 12 months and provide a “clear and conspicuous” link on your website with the call-to-action “Do Not Sell My Personal Information” so people can opt-out of that practice. Selling the data of children 16-years-old and younger has even more requirements. Such a button and other permission requests would surely raise privacy and security concerns for would-be customers. Your company can avoid the need for such a button by not selling customer information.
From this article point, #4 is where RIVN is here to help companies get ready for CPPA. For digital marketer and legal teams, the greatest hurdle may be the “Right to Erasure/Deletion” function itself. Contemporary organizations are searching for a module-based solution such as RIVN to step up to meet this need with an easy to use SaaS-based single function that allows brands worldwide to meet to business need and be ready for what is next.
The Right to Erasure/Forgotten aka Deletion has been a highly visible topic analyzed in both the General Data Protection Regulation (GDPR) and California’s Privacy Protection Act (CCPA). While most articles on this topic include this right as one of the primary rights related to the regulations, few do a deep dive like the one recently posted by Continuity Central found here.
One question that we at RIVN continue to hear is about hard backups like tape. Here is how the Continuity Central highlights this topic:
“When end-users request their data be deleted, they (and the law) expects that all copies of their data will be disposed of, no matter where it resides, including any third-party data processors, and all backups. However, finding and removing specific PI on backup tapes is time consuming and costly. Imagine finding and deleting all instances of specific PI on fifty backup tapes.”
While RIVN does not support offline backup today we can support this overall strategy. When it comes to the digital deletion activity that is where RIVN is here to help companies get ready for CPPA. For digital marketer and legal teams, the greatest hurdle may be the “Right to Erasure/Deletion” function itself. Contemporary organizations are searching for a module-based solution such as RIVN to step up to meet this need with an easy to use SAAS based single function that allows brands worldwide to meet business need and be ready for what is next.
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.