California Measure Billed as One of the “Toughest” Data Security Laws in the U.S.
Agencies in the accounts receivable management industry should take note as the law increases disclosures of personal data collected by companies and third parties with access to the information.
7/18/2018 8:00 AM
A new law recently signed by California Gov. Jerry Brown will significantly change procedures for handling consumer data in the state when it takes effect in January 2020.
Efforts to create the California Consumer Privacy Act of 2018 emerged following major data breaches at Equifax and Facebook, according to a report from Time.
The law requires companies to tell consumers – upon request – what personal data they possess, why they have the data and whether third parties have access to it, according to the article. Consumers may ask companies to delete their personal data and request that they not sell it.
“Lawmakers say they will likely make alterations to improve the policy before [it takes effect,]” Time reports.
The law is also similar to data security requirements in the European Union (EU) aimed at giving consumers control over the use of their personal information.
ACA International member Rozanne Andersen, vice president and chief compliance officer of Ontario Systems LLC, recently wrote a blog post about the European law, the General Data Protection Regulation (GDPR), which took effect in May.
“The GDPR will bring serious changes in data privacy that will affect anyone who is present in the EU, along with any company that handles the data of EU consumers, which would include companies across the world, including the U.S.,” according to Andersen.
The EU and California laws are important for the accounts receivable management industry to be aware of in the event that similar requirements are enacted in other areas.
According to Andersen’s blog, the requirements in the EU law may already trickle down to your company, especially if you have an online presence.
“For example, third-party debt collectors may fall subject to GDPR requirements if they are hired to collect debt from a consumer who was vacationing or hospitalized in Europe when the debt was incurred,” Andersen writes. “Alternatively, you may have GDPR obligations if you are hired to collect debt incurred in the EU by a European citizen. Both scenarios trigger GDPR liability and in turn your duty to protect the data in compliance with the GDPR.”
Read more examples in Andersen’s blog here.
ACA International members may access more information on data security through the ACA SearchPoint® library using the identity theft and technology tags, for example.