Since the groundbreaking California Consumer Privacy Act (CCPA) went into effect in 2020, consumer data privacy and security has improved dramatically for all Americans. We believe personal data removal services and authorized agents such as Optery have been major contributors to this progress, helping educate the public about data privacy, helping maximize data privacy and security protections, and eradicating millions of pieces of unwanted Personal Identifiable Information (PII) from the internet.
Thanks to the CCPA and its amendments in Proposition 24 (the CPRA), if you are a California resident, you may ask businesses to disclose what personal information they have about you and what they do with that information, to delete your personal information, to not sell or share your personal information, to correct inaccurate information that they have about you, and to limit their use and disclosure of your sensitive personal information. The CCPA and CPRA also make provision for authorized agents who act on behalf of residents to exercise these privacy rights.
Even if you don’t live in California, there are a growing list of states that have approved similar data privacy laws such as Virginia, Nevada, Colorado, Connecticut, Utah, and more.
The Role of Authorized Agents
In the CCPA, authorized agents are defined as either natural persons or business entities that are registered with the Secretary of State to conduct business in California and have been authorized by a consumer to act on their behalf. The role of authorized agents is essential in helping to safeguard vulnerable populations such as children, elderly parents, and victims of domestic violence from data exploitation, while third-party services acting as authorized agents are a critical tool for many in safeguarding their personal information.
The CCPA regulations detail how businesses must accommodate requests from authorized agents, including how these agents can make requests and how businesses must verify these requests. Businesses are required to provide instructions on how an authorized agent can make requests in their privacy policies and must allow consumers to use an authorized agent for submitting opt-out requests with signed written permission from the consumer.
The Demand for Authorized Agents
Californians have embraced using authorized agents such as Optery as an increasingly indispensable cybersecurity tool, and their use is growing rapidly among both consumers and businesses. Optery’s use among consumers and businesses has grown dramatically since making its service available in 2021.
More than anything, the explosive growth in demand for authorized agent services illustrates consumers’ strong preference for enlisting service providers to navigate the complexities and frustrations of managing interactions with hundreds of unknown data companies.
Phishing and Personal Data Breaches Are on the Decline
The effectiveness of California’s consumer protection laws, underscored by the pivotal role of authorized agents, is increasingly evident. According to the latest FBI Internet Crime Report, after many years of torrid growth, phishing and personal data breach cyber crimes are finally on the decline! After peaking in 2021, reported phishing crime is down 8% through 2023, and reported personal data breach crime is down 5% through 2023 from its peak in 2022.
Source: https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf
We believe the reduction in phishing and personal data breach incidents can be partially attributed to the proactive measures enabled by the CCPA. By empowering Californians to take control of their personal information, and allowing authorized agents to act on their behalf for its deletion, the CCPA has made it more challenging for cybercriminals to obtain and exploit personal data. Phishing, whatever form it takes, always leverages exposed personal information. With less info available to exploit, there are inevitably going to be less phishing attacks.
With regard to personal data breaches, the CCPA’s introduction of stricter regulations on data handling, alongside increased penalties for non-compliance, significantly reduces the opportunities for cybercriminals to access and misuse personal information. Coupled with the systematic removal of personal information from databases — which might otherwise be leveraged for PII-based attacks or targeted in breaches — these measures collectively diminish the likelihood of unauthorized access to sensitive data.
Building on Success Beyond California
The success of the privacy laws in California serves as a beacon of hope and a model for other states. Most people in the United States today still do not have the legal right to opt out of data collection and selling. When data brokers honor opt-outs in states without privacy laws, it most often comes down to voluntary self-regulation rather than legal obligation. We remain hopeful that the laws in California will inspire similar legislative efforts across the country, creating a unified front against the misuse of personal information and setting a new standard for data privacy.