INTRODUCTION

The lack of comprehensive privacy regulation in the US presents a unique set of compliance challenges for companies that collect personal data. Although a patchwork of sector-specific and state laws exist, they rarely deal with the pervasive collection and sale of people’s personal information. Penalties for data breaches attempt to protect personal information by punishing companies for after-the-fact violations, but this does little to safeguard information in real time.

Ultimately, the issue is that data peddling is so pervasive. In the 2000s, Internet service companies such as Facebook and Google began collecting vast troves of personal data in an effort to personalize their online offerings. Search engines, for example, could ...

Get The California Privacy Rights Act (CPRA) – An implementation and compliance guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.