It’s been quiet lately. Hopefully, it is not a calm before a storm if you will. I crawled out from under my rock and found that the State of California law that offers new consumer protection went into effect Jan 1, 2020. So I poked around the Interwebs to learn about what to expect. For what it’s worth, I am not a resident of California so I am not particularly entitled to these new protections today. I do think it is a sign of what is coming. Europe implemented the General Data Protection Regulation a couple of years ago. There are more states adopting more consumer protections each year. Let’s hope they have enough teeth to have an impact. I took some time to read through the law  to highlight it for you. Please note, I am not an attorney or even have interest in being one. Let’s take a look.
The CCPA – California Consumer Privacy Act  was passed in June 2018 and went into effect January 01, 2020. Some report that the Attorney General office will begin enforcement on July 01, 2020. The law itself  does not cite any enforcement date. Some companies have released statements they are adopting this for all customers, not just those in the State of California. FWIW, I have seen some sites recently, even prior to the first of the year that are now offering conspicuous opt out links.
- Grants consumer a right to request… - specific pieces of information that it collects. - categories of sources from which that information is collected. - the business purposes for collecting or selling the information. - the categories of 3rd parties with which information is shared. - deletion of personal information…upon receipt of a verified request. - the business to not sell personal information (opt out) - Authorizes businesses to offer financial incentives for collection of personal info. (They must opt in) - Prohibits businesses to sell information of a consumer under 16 years of age without an opt in. - Businesses are not required to provide information more than twice in a 12 month period. - Businesses must provide a clear and conspicuous link on the Internet home page titled "Do Not Sell My Personal Information"… - Consumers "opt out" is good for 12 months before the business may request to authorize the sale of information. If you think there are any other points to highlight that I did not mention, then please comment below to add to the discussion.
ISC Handler on Duty
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.