Californians can now control movement/use of their personal information with the help of several specific data control rights included in the “California Consumer Privacy Act of 2018 (AB-375)” released on June 28.PCI DSS version 3.2.1 replaces version 3.2 to account for effective dates
The data controls rights include but not limited to:
- Know what is being collected about them
- What is being sold and re-disclosed,
- Prevent the sale of their personal data.
This new law expected to become one of the nation’s strictest data privacy rules.
The requirements of this act will lead to substantial impacts on the data use policies of major technology companies and retailers, and could accelerate federal data privacy legislation.
Without any proof of harm, personnel can take an against data breaches that result in disclosure of personal information, which could lead in rising number data breach actions.
What Does This Law Provision?
Enhanced Privacy Protections around the Globe
The legislation bears some similaritiesto the European Union’s General Data Protection Regulation (GDPR), particularly the transparency requirements, the right to request deletion, and a strict data breach regime.
- Companies that collect data directly from consumers must disclose the information and the business purpose for which they collect the data.
- Consumers can request to delete their personal information through a “verified request” and can opt out entirely from the sale of their personal information.
- For companies it is illegal to discriminate against consumers for exercising any of the above rights.
- Allows companies to offer financial incentives for collection of personal information.
- Prohibits selling the personal data of online consumers under age 16.
QRC is a Payment Card Industry Qualified Security Assessor (PCI QSA) by Payment Card Industry Security Standards Council (PCI SSC)