January 2020 brings a new year and a new decade.  It also brings new privacy laws for business.  Have you made the changes you need to avoid being out of compliance?

CCPA

California’s CCPA (California Consumer Privacy Act) is one of the strictest laws in the U.S. and goes into effect in January 2020.  Businesses will be required to allow California residents to access or delete personal data from records.  In addition, businesses must allow residents to opt-out of being included in data-sharing arrangements or selling of their data.

If you serve or employ California residents – regardless of where your business is physically located – CCPA will impact you.  Here are the five key areas you need to address in your strategic planning:

  1. How you collect and store data
  2. How you use or sell data to third-parties
  3. Individual’s rights to opt-out of data selling
  4. Compliance by third-party data processors
  5. Monitoring, tracking, and proactive remediation of security gaps and vulnerabilities

GDPR-vs-CCPAGDPR

The EU’s General Data Protection Regulation (GDPR) has already had a significant effect on companies doing business in the EU or doing business with EU residents.  It’s affected most U.S. based companies that have any reason to handle personally-identifiable data from EU citizens.

In effect for more than a year now, regulators have started handing out significant fines for non-compliance.  Notable fines against U.S. companies include a proposed $57 million fine against Google and a $123 million proposed penalty for Marriott.

More Privacy Laws

Other privacy laws have been passed in Maine and Nevada.  16 other states have laws currently being debated.

Web Accessibility Laws

The Americans with Disabilities Act is being used by advocacy groups to sue companies for lack of access via websites.  Dominos, Netflix, and Target all faced lawsuits over the accessibility of their online assets, prompting them to redesign their sites.

More than 2,200 class action suits for ADA-related issues with websites were filed in 2018.  That’s a 181% increase over 2017.

Title III of the Americans with Disabilities Act (ADA) impacts organizations that do business with the public.  Title II of the ADA is applicable to local and state governments. Federal agencies, contractors, and programs receiving federal funding are subject to Section 504 and Section 508 of the Rehabilitation Act of 1973, which was later adapted to online properties.

Interestingly, the ADA does not explicitly refer to websites.  However, it’s been applied that way by some courts.  Court rulings have tended to favor organizations that adopted guidelines put out by the World Wide Web Consortium (W3C). The Web Content Accessibility Guidelines (WCAG) list steps businesses should take to make content more accessible.