Navigating The Increasingly Complex and Rapidly Changing World of Data Security Regulation
The past few years have witnessed major strides in online regulation. 2018 introduced us to the General Data Protection Regulation, or GDPR, which aimed to protect the personal information of European Union residents. In 2019, we saw an enormous rise in website accessibility litigation, as users with disabilities fought to make the Internet more accommodating. Now, there’s another facet of Internet regulation that businesses must familiarize themselves with, and it’s called the California Consumer Privacy Act, or CCPA.
According to Experian, over 70 percent of consumers are willing to share personal data with companies if it means receiving a benefit in return. Yet there is a disconnect between consumers, who are willing to share personal information, and businesses that fall short of properly safeguarding this data.
With our dependence on technology to access goods and services, we’ve become accustomed to instantaneous information, which we often take for granted. However, there is always a danger that the personal information we leave behind will be exposed without our consent, whether maliciously through the acts of hackers or by accident. After American policymakers displayed outrage over the handling of accidental data breaches by a multitude of high-profile companies, elected officials knew that data security must become a priority for the United States.
California’s response to personal data security is the CCPA. Passed in 2018, the CCPA was enacted on January 1, 2020 and implements advanced data protections for California residents. Much like the GDPR, the CCPA requires that businesses treat consumer information as property owned and controlled by the customer – and, like the GDPR, California’s new law has far-reaching influence. For that reason, it is in multifamily professionals’ best interest to learn about the new law, its significance, and how to accommodate it.
California and the European Union aren’t the only places with data privacy bills, either. The state of Nevada’s Senate Bill 220 went into effect in October 2019, and Washington State and New York are also developing their own policies. Washington State’s new bill is scheduled to take effect in December of 2020, if passed. On a global scale, South Korea and Brazil are throwing their hats into the data privacy ring, as well.
If multiple states (and countries) are hopping aboard the data privacy movement, can we expect a federal law to address data privacy? Right now, the answer is unclear, but many experts believe that we will witness more states introducing data privacy legislation throughout the year, in an attempt to move the needle on the national scale. Don’t forget: even if your business isn’t located in one of the states where legislation is taking place, your website may still draw visitors from these areas. To limit your liability, it is important that your community has policies in place surrounding these new laws.
What’s more, the ever-growing interest in Internet regulation has sparked an array of court rulings, which tie the Americans with Disabilities Act (ADA) into the digital sphere, demanding that all websites and their services become accessible. Today, approximately 15 percent of the world’s population, or 1 billion people, live with a disability. Yet, digital accessibility continues to be a sidebar for many businesses. As history repeats itself, we will continue to see disability advocates fight for the right to accessible online information and resources.
CNBC reports that achieving CCPA compliance could cost businesses a total of 55 billion dollars upfront. However, the cost of compliance is worth it when considering the repercussions of failing to do so. In the United States, a single data breach can cost a company an average of 8.19 million dollars, and CCPA penalties range from 2,500 to 7,500 dollars per incident. Keep in mind that these numbers only relate to CCPA compliance, and other types of web compliance come with their own price tags. With so much at stake, it is critical that multifamily housing operators make sure their websites have updated privacy policies and accessibility tools in place.
First off, you must ensure that your marketing websites boast a clearly defined privacy policy with options for the user to agree or disagree to data collection methods. You should review these policies on a semi-annual basis to ensure that they are current with any regulatory or internal changes regarding how your business is collecting data.
If you’re using a third-party provider, you must verify that they comply with the federally recognized Web Content Accessibility Guidelines (WCAG) at 2.1 Level AA, which is the gold standard for digital compliance. Most importantly, your company needs to maintain a firm grasp on how it is storing clients’ personal information. If said information is requested by the consumer, you’ll need to have immediate access to that data, which your provider should be able to accommodate, to comply with current regulations.
By enacting the California Consumer Privacy Act at the beginning of 2020, the Golden State is ushering in a new era of accountability for businesses nationwide. We will now see many states follow suit by crafting their own privacy regulations, and it is critical that operators and providers stay current on these rapidly moving changes, as the web becomes an increasingly supervised space.