Beware those privacy-protected Californians
Put January 2020 on your calendar. That’s when the California Consumer Privacy Act takes effect. It’s similar in many respects to the General Data Protection Regulation, which provides safeguards for the private data of European Union and United Kingdom citizens and residents, but the CCPR applies specifically to California citizens and residents.
Timeshare marketers and sales personnel who have already complied with the GDPR will still want to double-check as CCPR implementation approaches, just to make sure they haven’t missed any of the newer law’s nuances. Otherwise, running afoul of the wrong kinds of prospects and customers could cause problems.
For overwhelmingly American enterprises that haven’t bothered with GDPR because it probably wasn’t relevant, now’s the time to rethink that stance and prepare to comply with both approaches to privacy protection.
CCPA began as a ballot initiative petition signed by 629,000 Californians. Before it could come to a public vote in November of 2018, the California Legislature enacted a version of the law with language even stronger in some ways than that of the initiative proposal.
Californians for Consumer Privacy (the organization promoting the petition drive) explains that the CCPA includes these rights:
— Right to know all data collected by a business on you.
— Right to say NO to the sale of your information.
— Right to DELETE your data.
— Right to be informed of what categories of data will be collected about you prior to its collection, and to be informed of any changes to this collection.
— Mandated opt-in before sale of children’s information (under the age of 16).
— Right to know the categories of third parties with whom your data is shared.
— Right to know the categories of sources of information from whom your data was acquired.
— Right to know the business or commercial purpose of collecting your information.
— Enforcement by the Attorney General of the State of California.
— Private right of action when companies breach your data, to make sure these companies keep your information safe.
Although the law applies only to Californians, it’s unclear to date how the state will enforce it outside California. The GDPR is enforceable worldwide, and has prompted many American companies with an international clientele to comply. Rather than set up separate safeguards for Californians, American companies with a primarily domestic clientele may be wise to comply with the CCPA’s requirements for everyone. After all, California is the world’s fifth-largest economy.
This article is from the September 2018 issue of the Timeshare Resort Mangement Newswire. Send an email with your name, resort, and contact information to subscribeTRMN@tstoday.com if you’d like to subscribe.