I’m in the middle of a busy work/family travel schedule, so this blog post will be a bit brief. Microsoft has announced that it will support the stipulations in California’s new California Consumer Privacy Act for all its customers in the United States, not just those in California. I call this “pursuing the highest common denominator in privacy rights.”

Geeky detour. We’re used to talking about the “lowest common denominator.” That’s the smallest number that can be evenly divided into two sample numbers. For the numbers 25 and 75, the lowest common denominator is 5. As you may have guessed by now, the highest common denominator is the largest number that can be evenly divided into two other numbers. Returning to our numbers 25 and 75, the highest common denominator is 25.

In less mathematical terms, think of the highest common denominator as that which provides the most benefit across two policies or regulations.

Why We’re Seeing the Highest Common Denominator in Privacy Rights

Remember GDPR? As we were all scurrying to get legal opinions and a plan for compliance, I (and many others) suggested that GDPR would become the de facto standard for privacy rights worldwide; companies wouldn’t limit GDPR-compliant policies to just the European Union.

Why would that be the case? Operational efficiency. You’re a multinational company. You must modify your privacy practices to comply with a set of regulations for the European Union. Those regulations are more restrictive than the regulations in the other geographies you serve. It makes sense to implement one set of privacy policies and procedures worldwide. Otherwise, the company must implement region- or country-specific policies. The company runs the risk of people applying the wrong policies for a given region. That could be an expensive mistake. As well, it’s easier to train your workforce on one policy vs. several.

Here’s another example of this dynamic. California has, for many years, worked with automakers to gain compliance with a set of auto emissions standards that are stricter than those specified by the US government. The State of California went out and got agreement from a set of automakers to conform to the state’s standards. (Not all automakers have signed up with California, so my working theory has its limits.) Why would automakers do this?

  • Californians buy a lot of cars. A LOT of cars. It’s a big enough market for automakers to want to capture, regardless of the costs.
  • It’s expensive and time-consuming to tool your assembly factories for different emissions standards.

Why the Highest Common Denominator in Privacy Rights is Important

As the Microsoft post discusses, it’s not clear yet what exactly is required to comply with the CCPA. Broadly speaking, the CCPA requires that organizations be transparent about how they are using customers’ data and ask permission before selling that data. But Microsoft is going on record to say that they are going to make that compliance applicable to all US customers.

Are You Aiming for the Highest Common Denominator?

Many of our customers are not in the business of collecting and selling personal data. For these customers, complying with CCPA may be simple. But here’s the more general question: are you applying the most restrictive privacy policies in your organization? Or the least restrictive? You must balance privacy and helping staff do their work. Going beyond what is required from a regulatory point of view means extra work and headache. Perhaps, though, the payoff comes in knowing that you’ve already gone beyond the minimum, to the highest common denominator in privacy rights.

It’s something to think about.

 

 
