As insurers collect more data about consumers, honoring their privacy has taken priority. The California Consumer Privacy Act (CCPA) is an example of legislation making it mandatory for companies to be more transparent about how they collect, use, and disclose personal information.
CCPA, effective Jan. 1, 2020, created the newest consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. It gives nearly 40 million people in California the strongest data privacy rights in the country.
Why is this important? All U.S. insurance carriers and agencies will ultimately be impacted, as more states are sure to follow California in implementing consumer privacy laws.
But there's still a lot of confusion with this ground-breaking data privacy law. While I'm certainly not an expert or a lawyer, I've spent my career in insurance and have spoken to a number of carriers about how they are responding. Below is a high-level overview of the CCPA based on research and discussions I've had.
Which Businesses are Affected?
Businesses must comply with the law if they meet any of the following criteria:
Have revenue that exceeds $25 million annually;
Buy, sell, share, or receive consumer information on 50,000 or more California consumers; or
Derive more than 50% of revenue from selling consumer data.
What Do Consumers Need to Know?
Californians now have the right to know what information companies have, request that it not be sold, and request that it be deleted unless it is in conflict with another law (very important to note that last piece for our highly regulated industry). Businesses must also provide a link that says "Do Not Sell My Information," which enables consumers to make their opt-out request.
What Should Your Company Do?
Many carriers have updated their privacy policies and provide the required link for Californians to access their data and make a request to delete or not sell their information to a third party. Consider investing in solutions to help.
Here at Jornaya, a company that helps clients understand the consumer journey, we recently extended our compliance product suite with Privacy Guardian to assist companies in meeting the requirements of the CCPA as well as expected future state and federal regulations. Our Privacy Guardian solution helps companies know if a site visitor is located in California and helps them prove what happened at each web event.
The following action items will also ensure your organization is truly honoring the consumer:
Clarity: Provide clear guidelines on Personally Identifiable Information (PII), which is any data that could potentially identify a specific individual. Trusted organizations have rigorous Terms of Use restricting them from exposing raw or proprietary data.
Storage and Access: Most businesses store data on multiple media types, each technology and format requiring its own type of protection. Understand storage and access.