Much like children anticipating Santa Claus companies are eagerly wanting to get clarity on several key topic definitions that have been raised within California Consumer Privacy Act (CCPA). Similar to most new laws and regulations case law will be needed to help define certain key areas.
In a recent article titled “California lawmakers smooth over some of the CCPA’s rough edges” (here) Jim Halpert walks though some of these topics. One of the most interesting topics reviewed is de-identification. This one is very interesting because right now there’s a HUGE movement by companies to create a single view of their customers and CCPA may completely break that.
Directly from the article here is a key snippet:
“The second compromise would substitute the 2012 FTC staff report “reasonably linkable” de-identification standard for the CCPA’s current definition, which is circular with the CCPA definition of “personal information” — so is effectively no exception at all. De-identified data would mean data that “does not identify is not reasonably linkable, directly or indirectly to a particular consumer provided that the business makes no attempt to re-identify the information and takes reasonable technical and administrative measures designed to:
- Ensure that the data is de-identified.
- Publicly commit to maintain and use the data in a de-identified form.
- Contractually prohibit recipients of the data from trying to re-identify the data.”
This standard would provide a path and a clear incentive to de-identify data in order to limit the range of data held by companies that would be subject to CCPA requirements. For example, it would very likely have the effect of exempting IP addresses and device IDs that are maintained separately from personal data and cannot be queried or accessed by employees or third parties who could link the data. Similarly, personal information that is one-way hashed or encrypted would be exempt, as would data that is kept separately, never combined and that the business has publicly committed to maintaining in de-identified form.”
While this article focuses on identity and profile management it is very important to remember that another key feature is the ability to delete a profile when requested. This is where RIVN comes into play.
Companies small and large looking to tackle those standards required by CCPA and finding companies like RIVN to help. RIVN brings purpose-built API functionality to the table to support these types of challenges. For digital marketer and legal teams the greatest hurdle specific function of the “Deleting” a consumer data. Contemporary organizations are searching for solutions and companies such as RIVN have stepped up to meet this need with an easy to use SaaS-based single function that allows brands worldwide to meet to business need and be ready for what is next.
To learn more about RIVN and RIVN Delete option please visit https://www.rivn.com/
To learn more about regulations mentioned above please see the following links below:
- California lawmakers smooth over some of the CCPA’s rough edges
- CCPA: What Marketers Need to Know about the California Consumer Privacy Act
- CCPA – California Consumer Privacy Act Explained
- The California Consumer Privacy Act What to Know—and What to Do