June 2, 2020 — Jon Mendoza, Chief Information Security Officer (CISO) at Technologent, was recently featured in Compliance Week, a leading source on financial compliance and disclosure of public companies. Mendoza covered CCPA compliance and how other states are now starting to follow California's lead and create data privacy laws and regulations of their own. He also spoke to the need for federal legislation because each state creating their own is a recipe for disaster and confusion.
"While much has been written about the CCPA’s set of rights regarding consumer personal information and the steps businesses must take to respond to consumer requests, less attention has been paid to another portion of the bill which allows consumers to sue businesses directly for mishandling their personal information.
Jon Mendoza, chief information security officer for Technologent, a California-based IT solution provider, said such class-action lawsuits 'could be devastating to an organization.'
Already, lawsuits like one filed in February by a California woman against online retailer Hanna Andersson and its e-commerce platform Salesforce could provide a roadmap for future class-action lawsuits. In most states, consumers file data breach complaints with their state attorney general’s office. The state AG then handles the investigation of the complaint, as well as any enforcement action. The CCPA opens businesses up to another level of liability, Mendoza said.
Nevada became the first state to follow California’s lead and passed a privacy bill in 2019 that gives consumers the right to opt out of having businesses store and use their personal information but does not give consumers the right to sue businesses. Legislatures in Washington state and Hawaii are each considering consumer privacy laws.
This trend could create a 'patchwork quilt' of state consumer privacy laws that businesses would have to comply with, Mendoza said.
'We’re talking about the possibility of 50 different state regulations,' he said. 'There needs to be a national privacy act.'"
Read through the full article here: https://www.complianceweek.com/data-privacy/no-stopping-ccpa-enforcement-deadline-says-california-ag/29002.article