big action in california compliance

Big Action in California Compliance

California may be best known for Hollywood movies and celebrities, yet today it is the U.S. state where a different blockbuster drama is playing out – with the California Consumer Privacy Act (CCPA) taking concrete action against non-compliance.

Yes, the EU’s General Data Protection Regulation (GDPR) set the stage for better compliance when it went into effect as far back as 2018, trying to protect consumer data and privacy with business regulation. And it has shown it means business with record-setting fines, including the proposed $425 million fine against Amazon.

Meanwhile, America has been trailing far behind the EU. It has not passed a federal data privacy law, and only several states have done so – including Virginia, Colorado – and California, where the 2020 law, already at play now, will be in effect with a more aggressive version by January 2023.

The measures in California are breaking new ground, ensuring that business data collection is compliant – even dating backwards – and that resident consumers have the right to know, the right to delete, the right to opt out, and more.

The CCPA in its first year, put a myriad of businesses on notice because of noncompliance.

A grocery store chain, a social media company, a mass media and entertainment conglomerate, and an online dating company are just some of the businesses that were notified and forced to take steps to achieve compliance within the 30-day cure period.

But they’re not just targeting the obvious giants. Even those who might expect to stay under the radar are potentially on the chopping block. A children’s toy distributor received notice that it had failed to inform consumers of their CCPA right, and a pet adoption agency was called out because it failed to disclose the sale of personal data in clear, consumer-friendly language. The CCPA is clearly not pulling any punches.

Not surprisingly, what is happening with CCPA has also prompted other U.S. states to start to rethink their own policies – or lack thereof. All that’s happening in California may be a bit of a teaser of what’s to come, the trailer to the larger movie that will soon be playing out everywhere, because the scrutiny of consumer protections is only spreading.

This spread makes sense because there is a genuine disconnect between what consumers want in data protection and what most businesses are doing. A study from Consumer Reports shows that 65% of American consumers say they are slightly or not at all confident that personal data is private. 96% of Americans agree that more should be done to ensure that companies protect the privacy of consumers. And 42% of consumers believe that companies should be the most responsible for user privacy.

More online users are fed up with the lack of control over their own data lives. They want the power to permanently delete archival data from public searches, as their lives and even ‘brands’ change. And many use apps like ItsMyData to opt-out of marketing pitches driven by data sharing.

Research suggests that organizations themselves are well aware of their position and the challenges they face. In May 2021, according to an independent Golfdale Consulting survey, just 62% of enterprise leaders described themselves as knowledgeable or very knowledgeable about CCPA as it pertains to their businesses. There is no denying the issue. 

Contact centers especially should expect to be scrutinized, given the amount of personal information they have. The more information held on customers, the more they are exposed.

Contact centers should be asking themselves: Do we hold as little customer information as possible? Do our agents know how to deal with data privacy? Are we practicing consent for recorded interactions – and do customers know where their data is held and for how long? The regulations may be confusing but contact centers that can demonstrate they’ve taken a proactive approach to securing customer privacy will be seen more favorably when the authorities come looking for them, for example, with an audit.

As the gap expands between consumer expectations and organizational protections, it is inevitable that regulatory bodies will start to circle overhead, like we are seeing in California. These developments and the beginning of fines now unfolding, mimic what we saw with the GDPR, where slowly but surely the fines have grown. Organizations need to be proactive and find the right options, such as NICE Compliance Center, which turns adherence complexities into simplified tasks that avoid violations. When violations do occur, it uses automated processes and analytics tools to discover gaps in adherence, provide real-time notifications to agents, and the tools to take corrective actions. Such solutions will allow organizations to protect consumers and get ahead of the regulations and fines, because it’s clear what is coming. We’ve seen how this movie ends.

Learn more about how to protect your business and your customers here.