California Consumer Privacy Act (CCPA): What you need to know to be compliant

The California Consumer Privacy Act could have more repercussions on U.S. companies than the European Union’s General Data Protection Regulation (GDPR) that went into effect in 2018. The California law doesn’t have some of GDPR’s most onerous requirements, such as the narrow 72-hour window in which a company must report a breach. In other respects, however, it goes even farther.

The California Consumer Privacy Act (CCPA) takes a broader view than the GDPR of what constitutes private data. The challenge for security, then, is to locate and secure that private data.

CSO, which serves enterprise security decision-makers and users with the critical information they need to stay ahead of evolving threats and defend against criminal cyberattacks, shares an excellent guide on what CCPA means to you.

https://www.csoonline.com/article/3292578/california-consumer-privacy-act-what-you-need-to-know-to-be-compliant.html

Advertisements

Here Comes America’s First Privacy Law: What the CCPA Means for Business and Consumers

On January 1 2020, a landmark new data law comes into effect, subjecting U.S. businesses to a sea change of privacy regulations. After that date, Americans will be able to demand that charities disclose what personal data they have collected about them, and also ask them to delete that data. The California Consumer Protection Act (CCPA) will severely impact tech giants like Google and Facebook, as well as retailers like Macy’s and Walmart.

This heralds the end of an era in which the U.S. defied a shift in global privacy norms, and allowed American companies to commodify consumer data.

There remains, however, considerable confusion over how the law will be enforced, and how much of a burden it will be to U.S. companies. What follows is Forbes’ plain English explanation of the law, the politics surrounding it, and how it will affect businesses and consumers.

https://fortune.com/2019/09/13/what-is-ccpa-compliance-california-data-privacy-law/

Data compliance officer: the next big role in fundraising?

Fundraising charities rely on information about their supporters to survive; such as names and addresses, financial information and other private data. Information such as this will always be integral to the fundraising process, and the storage and safety of this information will be too.

GDPR’s rules around proving consent necessitate new processes at the back and front ends of data collection – and it’s going to be hard work. The fundraising sector has a lot of fundamental changes to make in a short amount of time.

Jenny Daw, editor of The Fundraiser, wonders that with so much to learn and do, there may well be a need for organisations to take on new talent and skills to push these changes through.

https://www.charitychoice.co.uk/the-fundraiser/data-compliance-officer-the-next-big-role-in-fundraising/724

Long Read: The philosophical dispute between fundraising and data protection

At the end of 2016, when the ICO fined several charities for breaching the Data Protection Act 1998, Ian MacQuillin, wrote a fascinating philosophical piece on how charities are perceived by different types of people.

Even though this feels like a long time ago, it’s still as relevant today as it was back then. Whenever you feel that GDPR and data protection are not your friend, have a read of this.

https://criticalfundraising.wordpress.com/2016/12/21/opinion-the-philosophical-dispute-between-fundraising-and-data-protection/amp/

Long Read: DPN Legitimate Interests Guidance – GDPR

The Guidance prepared by the Data Protection Network is a practical tool aimed at helping commercial and not-for-profit organisations to assess whether or not they can rely on Legitimate Interests as a lawful basis for processing personal data under the GDPR.

The Guidance covers:

  • Understanding what Legitimate Interests are
  • Identifying areas of processing where Legitimate Interests may apply
  • The Legitimate Interests Assessment (LIA) – the 3 stage test
  • Transparency and the consumer

https://www.dpnetwork.org.uk/dpn-legitimate-interests-guidance/

At last, clarity and sense about wealth screening, prospect research and updating addresses

Adrian Beney is back with an update on CASE’s work on providing guidance for charities for adopting GDPR best practise.

This document lays out in detail and with great clarity the circumstances under which these activities, regarded in recent years by some at the Information Commissioner’s Office as very controversial, can be carried out lawfully.

Follow the link below for full details.

https://www.linkedin.com/pulse/last-clarity-sense-wealth-screening-prospect-research-adrian-beney

Prospect Research and GDPR-compliant wealth screening

Prospect research and wealth screening do not sit easily with GDPR:

  • Can individuals reasonably expect to be researched for wealth?
  • Would they expect to charities to find public information about them and use it?
  • How about if the charity uses a third-party supplier?

Nicola Williams, MA in Philanthropic Studies, has written several helpful guides at Factary to help you answer those questions for your own charity.

https://www.factary.com/docs/Factary_Legitimate_Interests_and_Prospect_Research.pdf

https://www.factary.com/docs/Factary_Guide_to_GDPR_Compliant_Screenings.pdf

Consent, Opt-In, Legitimate Interest and GDPR and how it relates to fundraising

Adrian Beney has a wonderful grasp of GDPR, particularly around the pros and cons on using consent and legitimate interests by charities.

This guide of his provides the perfect introduction to GDPR and how it impacts communication, prospect research and fundraising. A reassuring read to those old and new to the profession.

https://www.linkedin.com/pulse/consent-opt-in-legitimate-interest-gdpr-adrian-beney