Social Network For Security Executives: Network, Learn & Collaborate
The California Consumer Privacy Act (CCPA) has been around since 2018, as the more protective data privacy legislation of any state, but not all businesses have been acting ethically in their compliance and respect for user privacy.
As a result, the CA Attorney General has once again updated the CCPA. This time, to thwart unscrupulous businesses who go out of their way to thwart citizens' attempts to Opt-Out of the collection or sale of their personal information or to request their data deleted.
I have seen shady actions by companies, most of whom were in the business of acquiring and selling private data, that
Forced users to click through a maze of many links to find how to opt-out
Some tried to be sly and use misleading language, like double negatives, to confuse visitors in their options
Requiring citizens to (run a gauntlet of marketing messages) be bombarded with tons of marketing messages, trying to convince them to not change their privacy settings, before they could actually get to the screen to Opt-Out
The worst of cases actually required citizens to provide even more personal data before they could request to Opt-out of having their private information sold. As a privacy professional, I find that insulting and absurd!
The changes to the CCPA are specific to shutting down such actions, for the benefit of California’s citizens’ rights to privacy.
My personal thanks to Xavier Becerra for his leadership in making these much-needed changes to close down loop-holes that were allowing the intentional victimization of California’s citizens.
More work is needed and I hope even broader privacy rules and stronger means of enforcement can be established in the future.
If you like these updates, click the Like button and be sure to subscribe to the Cybersecurity Insights channel for more rants, news, and perspectives.