Skip to content

Data Privacy Law Changes in 2020

As most people were enjoying their holidays with loved ones, businesses all over clamored to update their privacy policies and send out updates to anyone they had an email address for. You probably received several emails from companies notifying you of their updated privacy policy but if you are a fellow business owner, should you be concerned if you didn’t send a privacy policy update?


What exactly spurred the influx of privacy policy changes? Well as of January 1, 2020, The California Consumer Protection Act (CCPA) went into effect and approximately 500,000 businesses operating in the U.S. are now subject to the new law. Big Tech, including Microsoft, Google, Facebook, and Uber, all recently changed how they handle data in order to comply with the CCPA.

The United States as a whole has few cybersecurity regulations at the federal level and many states have taken it upon themselves to address the dangers of modern cybercrime. The onus falls to individual business owners to handle compliance concerns or face the consequences.

How are companies changing their data?

Major corporations in big tech have already rolled out their privacy changes. It is likely that the next year will see even more changes to data protection laws at all levels. In that sense, it does pay to have as a robust cybersecurity framework as possible since oftentimes the regulations simply require that companies maintain minimum standards of cyber hygiene. That way when new regulations do come around, the effort required to become compliant is significantly reduced.

Below is a look at how major corporations are handling the newest cyber laws in 2020.

  • Microsoft – The tech titan from Redmond has updated their policies to honor CCPA, as well as help enterprise customers become compliant with any Microsoft related data.
  • Uber – Uber suffered a massive data breach effecting 57 million users in 2016 and ended up paying a $100,000 ransom to a hacker to stay quiet about the breach. Unfortunately for Uber the hush payment was exposed in 2018 and the FTC forced Uber to pay $148 million to settle their data breach notification violation. Uber must now submit to regular privacy audits. As part of their compliance with CCPA users can now opt out of data sharing all together.
  • Google – Google makes the bulk of its revenue from advertising and selling user data. As part of its CCPA compliance, Google now lets users can see all of their own data.
  • T-Mobile – Has created a privacy center giving users a Data Privacy Dashboard that provides data safety resources and allows them to opt out of selling data and submit a personal data request.
  • Mozilla – Mozilla was one of the few companies that endorsed CCPA from the beginning. The company has tried to differentiate itself and its products by being more privacy focused than other tech companies. Mozilla not only allows users to delete their personal data but also their telemetry data which is used improve user experience.

What does data privacy in 2020 look like?

States will continue to add their own flavors of data privacy laws. Illinois is expanding privacy protections for genetic testing kits and the New York Stop Hacks and Improve Electronic Data Security Act (NY SHIELDS Act) are both  going into effect in 2020.

Punishments for violators of these laws are already being doled out. Illinois has one of the strictest biometric data privacy laws in the nation and Facebook this week was forced to settle a lawsuit to the tune of $550 million due to the company’s practice of collecting facial scanning data without consent.

A few versions of a federal privacy law have been created by both Democrats and Republicans in the Senate with the potential to pass sometime this year. There are still questions as to whether the regulations should pre-empt state law to create a uniform framework across the nation or whether the federal laws should supplement existing state law. What is certain, however, is that businesses will be dealing with new data privacy laws this year.

What can SMB’s do right now?

  1. Evaluate if these laws apply
  2. Assess how you use data
  3. Document and remediate the findings

We can help

Alliant Cybersecurity works with companies to implement comprehensive cybersecurity strategies and helps businesses become compliant with state and federal laws. Contact us if you need help with these items.