Microsoft announced last week that it will extend the data requirements included in California’s Consumer Privacy Act to all of its customers across the U.S.
In a blog post last week, Julie Brill, Microsoft’s Chief Privacy Officer, said the company is a “strong supporter of California’s new law.”
“We are optimistic that the California Consumer Privacy Act — and the commitment we are making to extend its core rights more broadly — will help serve as a catalyst for even more comprehensive privacy legislation in the U.S.,” Brill wrote.
Brill also suggested that Microsoft would like Congress to pass a national data privacy rights law, but in the absence of Congressional action the company would support other states developing privacy regulations.
California’s new law takes effect Jan. 1. Some specific requirements of California’s new law are “still developing,” Brill wrote, but Microsoft stands ready “to provide effective transparency and control under CCPA to all people in the U.S.”
What does this mean for your organization? If you have California residents as customers and your company does one or more of the following:
* Generates $25 million in gross annual revenue or more
* Handles personal data from more than 50,000 people, households, or devices
* Has 50% or more of your revenue coming from selling personal information
then you must comply with the California law.
However, a quick chat with your attorney is probably best to be sure, as there are ways affiliates or third-party vendors can also fall under the law.
Microsoft’s post also suggests it will be working in support of additional privacy laws.
Sooner or later we suspect you will have to have processes in place for customer requests to see or delete whatever information you have on them, as well when to delete customer data that is no longer needed.
We are experienced in helping organizations develop appropriate data policies. For more information, contact us for a conversation.