California has passed the California Consumer Privacy Act (CCPA), a sweeping law that forces companies to tell customers about the data they gather about them, and to allow customers to opt out of those practices.
However, the final details of the law are being worked out, and many companies are unsure exactly what they need to do to be compliant. Even the attorney general is still figuring out specifics and probably won’t start enforcing the law until July.
Bloomberg reported that a slew of startups is vying for a $55 billion boom that companies in the state are expected to spend to become compliant.
Bart Willemsen, an analyst at Gartner who advises clients on compliance, said there are at least 200 companies right now that want to help companies be able to deal with the law, but also, none of them have a completely comprehensive solution.
“There’s no single silver bullet,” he said.
It will be complicated for a company to build those compliance tools from scratch, especially companies that only operate in California. In Europe, where the General Data Protection Regulation (GDPR) has been in effect for a few years, many companies at least have an idea of what they need to do.
One particular startup, called TerraTrue, wants to help businesses keep track of user data.
“What we’re doing is building a complete privacy platform that lets companies automate the ways in which they comply [with] all these privacy laws,” said Chris Handman, the startup’s chief operating officer.
Another company, DataFleets, is offering companies advanced machine learning tools to help companies minimize their risk of exposing sensitive data about customers.
“The data never leaves their phone, they retain complete control with it, it remains compliant with data regulations,” said David Gilmore, the company’s CEO.
Other companies may choose to ignore the bill until they see how it’s enforced, especially since the California Attorney General’s Office admitted it doesn’t have a lot of resources to enforce the bill.