Category Archives: US Privacy

Here are all our blogs on US data protection and privacy regulations, including the California Privacy Act which is due to come into force on January 1, 2020.

California Consumer Privacy Act 2018 – how to comply

The California Consumer Privacy Act (CCPA) comes into force in January 2020 and it is important to take steps to prepare for the new legislation. Since GDPR came into force, EU consumers have developed a greater awareness of their rights pursuant to the regulations, and expect businesses to comply accordingly. The same is bound to happen in the US as the introduction of new regulations, such as CCPA, will make consumers more aware of their rights and the importance of ensuring their personal data is not mishandled.

Be prepared for:

  • Hypersensitivity from consumers regarding how their data is used
  • A stream of communications from consumers in the months following the implementation of the Act
  • Consumers misunderstanding parts of the Act and making demands which exceed the scope of the Act
  • An expectation that consumer-facing staff know the details of the Act
  • An eagerness to take action against non-compliant businesses
Continue reading

What is the California Consumer Privacy Act and who does it apply to?

Smart phone with a symbol of a padlock on it

California Assembly Bill No. 375, also known as the California Consumer Privacy Act of 2018 (the “Act”), was approved and passed on June 28, 2018 and comes into force on January 1, 2020. Here we attempt to dissect the CCPA 2018 and help establish who actually is required to comply with the Act.

Who does the Act apply to?

The Act applies to any business, partnership, company, corporation or other legal entity (“business”) operating for profit that collects personal information from consumers in the State of California, but only if one of the following applies to the business:

  • It acquires 50% or more of annual revenue from selling consumer information
  • It has gross annual revenue of $25m or more
  • It sells personal information belonging to at least 100,000 consumers

If a business meets one or more of the provisions above, it must comply with the Act.

Continue reading

The five basic data privacy rules for US compliance

The five data principles

The meaning of data can be as broad as any information, from health records to a lunch order. Different kinds of data are subject to different laws with varying levels of severity. Data about a person’s health, for example, is subject to a strict set of regulations known as HIPAA. Here is some guidance on protecting your clients’ and colleagues’ data through five basic data privacy rules.

The key data principles

While specific rules on data can vary by state and jurisdiction, there are some basic rules that should always be followed. You need to be aware of these because everyone in an organization is responsible for protecting the data held on employees, customers and clients.

Continue reading

New course release – Data Privacy: Fundamentals

Screenshot of an interactive quiz in the data privacy course

Data Privacy: Fundamentals provides all staff with a comprehensive overview of data privacy rules, policy, and legislation in the United States. The course combines short bursts of learning with practical scenarios and real-life case studies to ensure all staff know how to safely and securely work with data. Interactive scenarios test and score data privacy knowledge as you progress through the training.

A unique, experiential approach to data privacy, the Fundamentals course focuses on the practical knowledge and straightforward behaviors all staff need to know to keep data safe and secure. The course can be purchased either as a stand-alone course or as part of our data privacy training suite.

Continue reading

The California Consumer Privacy Act – What you need to know

Globe with USA highlighted

What is the California Consumer Privacy Act

While EU businesses must now comply with GDPR, the majority of American based organizations are unaware of the preparation it takes to be compliant with the new privacy laws that are slowly becoming the norm. California has adopted a law similar to GDPR called the California Consumer Privacy Act, set to take effect on January 1st, 2020. Our California Consumer Privacy Act whitepaper goes into more detail about the Act and how it can affect your business.

Continue reading

Whitepaper: The California Consumer Privacy Act

California Bill No. 375, also known as the California Consumer Privacy Act, was
approved and passed on the 28th of June 2018. While it won’t come into effect until
January 1st, 2020, it is necessary for all organizations involved to have a comprehensive understanding of the law’s requirements and what is expected of them. The Act is applicable to any business, partnership, company, corporation, or legal entity that operates for the purpose of profiting as well as collects consumer’s personal information from the state of California. While The Act has certain similarities to the EU’s General Data Protection Regulation (GDPR), it’s conditions are somewhat different.

VinciWorks has published a whitepaper that explains the California Consumer Privacy Act and gives guidance on how businesses can comply with The Act.

Download whitepaper

Continue reading

Six ways GDPR compliance has helped businesses

Pre-GDPR consent email

Many companies sent consent emails as GDPR appraoched in May, with many others doing so in the following weeks

25 May, when the EU wide General Data Protection Regulation (GDPR) came into force, is fresh enough in our minds for us to remember the countless “are you still our friend?” emails from marketers. Many marketing professionals, managers and data protection officers will also remember the panic they faced when preparing for GDPR. As the influx of GDPR emails continued to flood in and cookie notifications started to pop up with increased regularity, skepticism started to mount amongst marketers and managers alike. Have the new regulations helped or hindered business’ sales and marketing efforts?

Your website can be accessed from around the world

US website down due to GDPR compliance

How often have you got this message when trying to access a US-based website from an EU country?

Continue reading