With the EU’s General Data Privacy Regulation (GDPR) already in affect and the California Consumer Privacy Protection Act (CCPR) set for January 2020, there’s soon to be a confusing patchwork of state data privacy laws with which firms of all sizes will have to comply, at least until a preemptive federal law is passed.
Since California’s is the first and most stringent legislation of its kind, we’ll take a look at its biggest rules, and how Pairity’s AI can help firms stay compliant.
Who is Obligated to Comply?
Firms with over $25 million in annual gross revenue
Firms who annually buy, sell, receive, or share the personal information of 50,000 or more consumers
Firms that derive 50% or more of their revenue from selling consumer’s personal info
As it pertains to ARM, the buying and selling of consumer information is core to business. The Pairity Marketplace has been designed with compliance as a central feature (not to mention zero listing or purchasing fees). Because it’s powered by AI, it can track the impending and varying state regulations on sales and servicing to ensure transactions adhere to each.
What are the consumer’s new rights?
Under the CCPR, consumers now have a right to:
Know what personal information is being collected about them, and whether it’s sold or shared, and to whom.
Say “no” to the sale of their personal info and be able to access it for free.
Receive equal service and price even when they exercise their right to data privacy.
Which means firms doing business in California are now obligated to:
Disclose the categories and specific pieces of information they’ve collected about a consumer when the consumer requests — at no cost to the consumer.
Voluntarily disclose what information is being collected either before or at the point of collection, and the purposes for which it’s being used.
Firms are also under obligation to wipe out certain data upon request.
How Can Pairity’s Data Science as a Service Help?
Pairity AI already uses a multitude of publicly available, “alternative” data to create distinct consumer profiles. Every consumer contact is recorded, as well as each data point, its provenance, and particular relevance to the service or product a consumer receives.
Pairity’s cloud-based system also has a data expiry policy of seven days, so unless requested, we do not keep the data you upload to it.
For our hosted machine learning models, Pairity has a hash encryption and data obfuscation policy so even if there is a breach, no PII will be exposed.
Pairity cannot link private data to a specific consumer, but if the consumer requested their data, they could generate it by entering the personal information that was used to create the encryption. Then they request that it be deleted. Learn more about the Pairity Marketplace and our Data Science as a Service.