CCPA California Consumer Protection Act: How Are You Managing Data Compliance?
This New Year, California’s CCPA went into effect, following other states such as Massachusetts. This is one of the first steps toward what will soon be the national status quo across the United States before the end of the decade. With states independently passing laws, there is growing pressure on Congress to act and pass data privacy laws at the national level. New York is currently working to pass a data protection law (NYPA) that is even bolder than the European Union’s and California’s, and that includes a provision giving citizens a private right of action over improper data usage. Next to Europe’s General Data Protection Regulation (GDPR), the CCPA has smaller teeth. The fines are much smaller and were likely watered down by strong opposition in Silicon Valley. The era of the wild west of tech is slowly coming to an end. Organizations now need to fundamentally change how they track, manage, and use consumer data if they want to do business in states that have passed, or are currently working to pass, these laws.
As these new policies are put in place across states, new measures will be needed to ensure compliance. The burden of compliance with these new laws cannot be siloed in the IT department; it reaches across legal, IT, and marketing. Companies that are only looking to be in compliance with CCPA are, in fact, already behind the curve. Organizations need to assume that these state laws are going to be nothing but the basic minimum standard of what will be in federal legislation.
Organizations need to be thinking about taking the following steps to ensure that they are in compliance with these new laws:
- Quarterly Data Management Audits
Organizations should constantly monitor and audit how data is being managed and handled, and ensure that no department is in breach of CCPA.
- Scheduling Systems and Checklists
Organization and management of data compliance need to be tracked every step of the way, for organizations of all sizes.
- Management of Internal Controls over Data Access
Personnel access across organizations needs to be monitored, with strong oversight of which employees are allowed to interact with and use consumer data.
- Advanced Online User Privacy Agreements
Legal departments need to work closely with IT and marketing departments to understand exactly how customer data is being collected and used, and to ensure that these departments are in compliance and are properly disclosing that collection and use.
- Third Party Risk Exposure
Organizations need to understand their risk exposure to the third parties they share data with, and how that data is being managed and secured.
- Employee Training
CCPA puts strong emphasis on employee training in data management and usage, and emphasizes the need for sufficient oversight in data handling.
Managing data compliance in this new era is only going to become more sophisticated and nuanced. The idea of data fiduciary responsibility is going to become more and more prevalent, with greater potential for exposure to liability if the proper steps and precautions aren’t taken to remain in compliance.