How Security Regulations Put A Financial Strain On Companies
As of Jan. 1, 2020, the California Consumer Privacy Act (CCPA) regulates how large businesses store and secure customer data. Companies that make over $25 million a year in gross revenue must now govern their data protection by CCPA rules.
The CCPA is the latest in a series of national and global data privacy laws, such as the GDPR, that have sprung up in the past couple of years in the wake of the massive data breaches at major companies, along with the Cambridge Analytica/Facebook scandal.
The need for some regulation around data privacy is obvious, but I believe that these new regulations may not give proper thought for longer-term ramifications to small businesses or those in the technology sector.
I’ll use Lyft as an example. Lyft stores data on each rider, such as their name, location, payment information and other relevant data the client may have provided. Under the CCPA, customers have a right to access their data being collected by Lyft, along with any other third-party companies purchasing the data. They can even ask the company to delete their information, and the company will be mandated to comply unless they require that information to do business with the customer (and most companies do). Then what?