Storage system in data centre showing the criteria when searching for CaCPA-compliant data partner to protect consumer privacy
The California Consumer Privacy Act: What to Look for in a CaCPA-Compliant Data Partner by Albert A. Ahdoot, Director of Business Development at Colocation America

The California Consumer Privacy Act: What to Look for in a CaCPA-Compliant Data Partner

As laws protecting consumers’ data are put into place, many companies will start to demand more from their data partners.

In our capacity as consumers, we have all reaped countless benefits from technological advancement—more effective channels of communication, faster access to international goods and services, and higher-performing digital products, to name but a few. But like most progress, these technologies come with their own set of new concerns.

For many consumers, privacy—specifically, a lack of it—has become an increasingly pressing concern as digital tools have continued to proliferate throughout their lives. The California Consumer Privacy Act (CaCPA) is the latest attempt to protect consumers in the rapidly evolving digital landscape, but what, exactly, does the legislation entail?

Improved Privacy Protections

Signed into law last June, the CaCPA will go into full effect in January 2020, and will afford consumers the right to ask businesses what personal information they have collected, why that information was collected, how it was collected, and perhaps most importantly, who it was shared with.

But that’s not all. Consumers will also be able to request that companies withhold from sharing their personal information with third parties. They can even ask that a company delete any record of their personal information entirely.

All of these protections must be guaranteed without penalty to the consumer. In other words, businesses can’t tack on additional charges or provide lower-quality service to individuals who choose to exercise their newly-enumerated rights to privacy. This arrives at a welcome time for many consumers who, in light of scandals like the Cambridge Analytica and Facebook debacle, are demanding to know more about how their data is being used.

A Steep Price to Pay for Violating the CaCPA

Come January, companies will need to step up to the plate to efficiently address the privacy-related requests of their consumers. However, in addition to delivering more comprehensive privacy protections, under CaCPA, companies will also have an increased obligation to ensure the security of consumers’ data.

What happens if they don’t? Fines run up to $2,500 per violation, and can reach as high as $7,500 if it’s determined the violation was intentional. Beyond these standard fines, consumers will have the right to sue companies who fail to comply with the CaCPA guidelines. In short, there’s a great deal of money to be lost for businesses that don’t take appropriate steps to protect their consumers’ data.

What’s more, this new data privacy and security paradigm won’t just impact California-based companies. The CaCPA applies to all organizations that engage with California residents, exceed $25 million in gross annual revenue, and buy, sell, or share the personal information of at least 50,000 users.

A Partner in Compliance

The CaCPA has triggered a tidal wave of stress for businesses in California (and beyond) that are trying to navigate this complex, shifting landscape. In an effort to ensure all appropriate security measures are in place, many organizations are seeking colocation providers that offer exceptional, reliable, CaCPA-ready service. Among other things, these organizations need colocation partners that are willing and able to facilitate:

1.     Data encryption: Data encryption involves the translation of data into a code that can only be read with a unique decryption key. Approaches to data encryption vary—some choose to encrypt data before it is sent to the cloud, others while the information is on its way to the cloud. In the CaCPA era, what will matter most is that consumers’ data is kept encrypted, and that organizations own their encryption and decryption keys. As a company, these keys are the gateway to all your consumers’ data, and should be protected at all costs.

2.     Data anonymization: This is a process that strips data of any personally identifiable information (think: names, addresses, phone numbers, etc.) while preserving the non-identifiable information (type of device being used, language preference, etc.). Anonymization protects consumers’ privacy while allowing companies to gain insights from data that isn’t highly personal. That’s a huge win for consumers, but also for the many companies that need access to data to improve and innovate.

3.     Strong user authentication: Most people are aware they have the option to unlock their smartphone using their fingerprint as a passcode. This is one of the most common examples of a strong user authentication protocol. To help their clients keep consumers’ data safe, colocation providers should consider implementing multi-factor authentication protocols that feature biometric security or the use of smart cards or cryptographic tokens. This type of layered approach is the best way to safeguard against those who would try to crack into sensitive data.

Data encryption, data anonymization and strong user authentication are 3 key services that a CaCPA-compliant data partner should provide. #respectdataClick to Tweet

Ultimately, the colocation providers that work with their clients to meet these demands will be ideally positioned to help companies avoid hefty fines and a damaged reputation once the California Consumer Privacy Act (and other legislation like it) goes into effect. In an era where data privacy and security makes headlines on a weekly basis, having this type of partner will come as a huge relief for businesses looking to get ahead in the digital space.