ChannelVision Magazine

Cyber Patrol section three states. “Yet the prolifera- tion of personal information has limited Californians’ ability to properly protect and safeguard their privacy. It is almost impossible to apply for a job, raise a child, drive a car, or make an appointment with- out sharing personal information.” California law, AB 375 explains, has not kept pace with the privacy implica- tions surrounding today’s developing technologies. Many businesses are col- lecting extensive amounts of consumer data and are privy to sensitive details such as how fast a consumer drives, how many children that person has, their personality and their sleep habits as well as biometric, financial, health, social and geolocation information, among other categories. This trend will acceler- ate, too, as the Internet of Things (IoT) continues to develop and consumers become increasingly connected. AB 375 mentions the March, 2018, Cambridge Analytica incident where tens of millions of people had their personal data misused. This event, the Legisla- ture claims, has heightened the need for privacy controls and transparency. “The unauthorized disclosure of per- sonal information and the loss of privacy can have devastating effects for individu- als, ranging from financial fraud, identity theft, and unnecessary costs to personal time and finances, to destruction of prop- erty, harassment, reputational damage, emotional stress, and even potential physical harm,” reads section “e.” Whole new ballgame The law is similar in some ways to GDPR, as well as some of the above- mentioned laws that California has already passed. According to privacy attorney Kirk Nahra, though, AB 375 is a “whole new ballgame.” “It’s particularly important because it essentially applies to all personal data in all situations,” Nahra stated. “There are some exceptions to that, but the idea is that it applies to every- thing. That’s very different than not only the prior California laws, but also the entire approach to privacy and security regulation that we have seen in the United States to date, where the laws have been either industry-specific like HIPAA or the Gramm-Leach Bli- ley for the financial services industry. Or they have been practice-specific, which deals with a particular law for a particular activity.” As Nahra explained, we don’t have one-size-fits all laws here in the U.S., which is why AB 375 is being com- pared to the EU’s GDPR so frequently. This is the first time we have seen something like this in the U.S. It’s very important to keep this in mind when talking to customers about AB 375. “There are both similarities and dif- ferences,” Nahra continued. “I think the analogy is an easy one to make because it’s the most obvious compari- son. That doesn’t mean it’s a perfect comparison. At the broadest level, why we’re seeing a comparison is [be- cause] GDPR is so new and it’s in ev- eryone’s mind. Lots of companies have gone through that exercise. It’s a good comparison in terms of overall scope.” Mounting concern While AB 375 is being hailed as a victory among consumer advocate groups, not everyone is jumping for joy. There is a considerable amount of concern across the technology and re- tail sectors that the law is too strict and could limit the way that businesses are allowed to market to consumers. Despite heavy criticism, the law — which was quickly passed through the California Senate and Assembly in a last-minute ballot initiative — was al- lowed to commence without protest out of fear of a much stricter privacy pro- posal that was being discussed. That proposal wound up getting scrapped when Brown signed the bill into law. One of the biggest concerns for business owners right now is that AB 375 could prevent consumer loyalty programs, as consumers who choose to revoke their data will have to be treated the same as people who choose to give away their information. Targeted marketing campaigns, and app-based geolocation services, are also in the crosshairs as a result of AB 375. This, experts fear, will hurt more than just businesses. Consumers will feel the pain, too. “It will expose businesses to unwar- ranted lawsuits while potentially taking away many of the innovations and spe- cial services consumers have come to expect,” said David French, senior vice president for government relations at the National Retail Federation. What’s more, there is concern about how the law will impact businesses be- yond the state’s borders. Companies, Nahra explained, will have to analyze how much they deal with California residents — and whether they want to extend the same rights to citizens from other states. The waiting game begins We are still more than a year away from January 2020 and so it’s pos- sible that we will see some changes or rule clarifications before enforcement begins. Agents should therefore keep close tabs on this developing story in order to accurately advise customers on the steps they need to take to re- main in compliance. According to Julie Dzubay, vice president of sales operations at South- ern California-based WTG, the master agent and its partners have noticed that the sales cycle has increased for oppor- tunities that were impacted by GDPR. With it being so new, Dzubay explained, everyone is now cautious in their ap- proach to ensure compliance. It’s likely that we will see a similar impact from the AB 375. “We are in the education stage where I feel providers are beginning to talk about it, but agents are more in a wait and see mode,” explained Dzubay. Even so, there is definitely an op- portunity to leverage AB 375 when selling security and privacy services, said Dzubay. “There are some providers that are already incorporating a warning flag into their content,” Dzubay said. “I feel like the providers that are doing that have a competitive edge being able to say that they will ensure their solutions will be compliant with the new law.” o Channel Vision | July - August, 2018 14