The California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020, signals a major shift in the way that the United States and allied economic powers treat consumer data protection and privacy. For many years, the government’s primary focus was protecting data and shoring up authorization practices. This led to multiple innovations in the way of technology and tactics to optimize data access and control. However, it meant that until recently, the government was focused on ensuring authorized access, but was less concerned with regulating usage after authorized access.
With CCPA, the United States is aligning more closely with a growing global trend towards better governing the use of data and providing consumers with the ability to determine and direct the use of their data. Coupled with increased regulatory sensitivity toward consumer data, shifting consumer expectations should serve as an early indicator for financial institutions that hardening perimeters and deploying rigorous access control is no longer going to suffice – data element level management and governance is necessary to enable appropriate usage.