The original version of this blog, excluding NICE references, was initially published in Lydia de la Torre’s Medium Blog. The version below has been extensively edited. The original version can be accessible here.
2018 saw the enforcement of the EU GDPR – General Data Protection Regulation, which is to date the most stringent privacy regulation enforced. The GDPR had for effect to create a wave of similar regulations across the globe – from Thailand to the USA and through Brazil. In a related blog we detailed the increasing activity of States in the USA, with over 25 states introducing new bills addressing various aspects of informational privacy and cybersecurity.
With the introduction of CCPA the California Consumer’s Privacy Act, informational privacy is being redefined in the US which will have a long-lasting impact on how private data is processed and how much rights customers can have as CCPA grants them access and defines requirements for the processing of private data. In addition, less flexibility is left for organizations to determine their security programs for private data, and their conduct in the event of data breaches. So how are these trends going to impact 2020, and what can contact centers do to get ahead of the curve?
Prepare for “Access”: Under CCPA, upon request, consumers have a right to access the specific pieces of information held by organizations about them.
Consumers have a right to request disclosure of their personal information, and to receive additional details regarding the personal information a business collects and its use purposes, including any third parties with which it shares information.
In response to a request for disclosure, a business must provide personal information in a readily useable format to enable a consumer to transmit the information from one entity to another entity without hindrance.
A consumer also has the right to deletion of personal information a business has collected, subject to certain exceptions. Consumers may only make most information requests twice a year and only for a 12-month look-back.
Watch out for Washington (but not DC). From all of the State privacy proposals in 2019, the Washington State Privacy Act (WPA) was to one to come closest to the finish line. Although it ultimately collapsed, it is likely to be re-introduced in 2020.
Expect more litigation: Both CCPA and BIPA will drive litigation as the plaintiffs bar tests the question of to what extend a concrete and particularized harm sufficient to confer standing. In addition, the constitutionality of CCPA will be tested in court and the litigation will provide new insights on the boundaries between freedom of speech and informational privacy.
At NICE, we have made simplifying compliance a cornerstone of our strategy with a unique solution that supports the most stringent requirements of privacy and data security regulations. With the Compliance Center, you can monitor your compliance processes and take corrective and proactive actions on your interactions – whether to provide access, or to limit retention of private information. To learn more about how we can help you with your compliance strategy for privacy and other regulations, click here, or contact us to schedule a demo!
This blog is part 2 of the series “Top trends in US privacy laws”. The first part focused on what we saw in 2019 can be read here. In this part we investigate what we need to watch out for in 2020.
A version of this blog was already published in Lydia de la Torre’s Medium Blog. The version above has been extensively edited. The original version can be accessible here- https://medium.com/golden-data/ranking-must-not-miss-us-privacy-laws-2019-and-what-to-expect-in-2020-4031c7180563