One of the reasons I write this newsletter is to help prepare for coming change. Convenience has destroyed diligence thanks to technology. Many businesses built on an advertising-based revenue model have been exploiting the consumer. We are the product of this new digital age. Data mismanagement is forcing us to educate ourselves and demand better custody. By safeguarding the information we provide, we can continue to enjoy the convenience of clicking. The California Consumer Privacy Act of 2018 is a by-product of this and is a government regulatory response that nobody in the insurance industry is ready for.
California is the largest economy in the U.S. and most businesses have some connection to goods and services provide by or to this state. Title 1.81.5 of the CCPA states “A business that collects a consumer’s personal information shall, at or before the point of collection, inform consumers as to the categories of personal information to be collected and the purposes for which the categories of personal information shall be used. A business shall not collect additional categories of personal information or use personal information collected for additional purposes without providing the consumer with notice consistent with this section.” This will radically change the way business is transacted. Not only will this slow down many processes, but it will require a fundamental change in the way most businesses interact with their customers.
Do you tell your prospects and clients exactly what you are doing with their information before you collect it? Do you know what is done with the information? Where does the information go once it leaves your possession? Not only are you going to have to be able to answer these questions, but you are going to have to explain it in simple words. In addition to creating a new auditable process you are going to have to provide easy access to this information and it needs to be free of charge to the parties involved that are requesting it. Fortunately, there are some limitations and we as consumers can only request it two times in a twelve-month period. Businessowners will need to provide information connected to one-time transactions and will have to “Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information.”
Where are you storing this information? If you are a businessowner, be prepared to delete it at the consumers request. “A business that receives a verifiable request from a consumer to delete the consumer’s personal information pursuant to subdivision (a) of this section (1798.130) shall delete the consumer’s personal information from its records and direct any service providers to delete the consumer’s personal information from their records.” The current way insurance is bought and sold is going to have to shift to comply with this new law. There are some exceptions to the rule surrounding personal information that is used to maintain an existing business relationship, perform a contract, comply with other laws, detect security incidents, debug to identify and repair errors. Another exception is to enable solely internal uses that are reasonably aligned with the expectation of the consumer based on the consumer’s relationship with the business. There is also a loophole connected to research if it adheres to all other applicable ethics and privacy laws.
The businesses I feel that will be most affected by this law are data brokers. We call them “Data Thugs.” Section 1798.115 (d) sates “A third party shall not sell personal information about a consumer that has been sold to the third party by a business unless the consumer has received explicit notice and is provided an opportunity to exercise the right to opt out.” This will have a serious impact on the lead generation business among other insurance sales and data enrichment organizations. Businesses that violate this provision will face serious financial penalties which we will dig into in a future article. What I expect to occur is direct financial compensation when data is provided. This is a vision we have brought to market with our insureBio. Since personal data is the new gold, not only should we the consumer own it, but we should be compensated when it is used.
We’ll dig into how businesses need to comply with these new regulations next week and discuss some solutions. If you have some ideas on how to address this upcoming information crisis I would love to talk!
