In this episode of In Process Podcast: Conversations about Business in the 21st Century, Trusted Counsel’s Evelyn Ashley and John Monahon speak with Michael Jones, an attorney at Trusted Counsel who has a strong background in business-oriented technology. Michael previously spearheaded Trusted Counsel’s initiative to help clients understand and comply with the European Union’s General Data Protection Regulation (GDPR), and now he’s at the helm of the California Consumer Privacy Act (CCPA), slated to go into effect on January 1, 2020.
CCPA is the most comprehensive data privacy bill to pass in the United States at a state level. It requires significant transparency for companies regarding customer data and, to date, it’s the toughest privacy law in the country. This law is spreading to other states. Michael says, “ultimately there will be federal legislation, or there will be so many states that pass their own laws that businesses will have to comply with the broadest one.”
Today, businesses in affected sectors face challenges when it comes to privacy and security compliance because of the requirement to establish a process to identify, secure, delete, and/or manage files that pertain to customer personal data. Most organizations that seek to “go at it alone” will not do it well because doing so requires a combination of skills, with legal and compliance analysis leading the way. Businesses should prepare now with the help of legal privacy specialists. We have compiled a best practices list of the activities your business should be doing between now and January 1, 2020. If you are already complying with GDPR, you’re ahead of the game, but there is still work to be done.
Note: your company’s specific situation may vary from these general scenarios and further research may be needed.
BEST PRACTICES FOR COMPLIANCE
Understand what personal information your business collects
Update your data inventories (the database to track your database processing activities) in order to prepare for data access, deletion, portability requests, and to comply with opt-out requests
Privacy Notices and Policies
Draft the required notices and disclosures “at or before the point of collection” informing customers of the categories of personal information that are being collected and for what purpose.
Determine if your business will maintain one privacy notice for California residents, one for other consumers, or have one universal policy.
Consumers have the right to know, the right to request, the right to opt out, the right to delete, and the right not to be discriminated against.
Implement protocols to ensure the new consumer rights. Are you building out the process and training, and do you have new systems for responding to consumer demands? What does your roll-out look like?
Third Party Service Provider
To comply, if you have a third-party vendor that processes your data, you need to update and negotiate your contracts.
Systems, Training, and Process
Increase your budgets for IT reprogramming costs and build processes around responding to consumer demands, including protocols for deleting data.
Due to the penalties involved, take the time to train your employees on handling customer inquiries.
During the course of the podcast, CEOs, business owners, and C-level executives will learn:
The definition of the CCPA
Recommendations for best practices for your business on compliance
What is meant by “intentional data privacy”
Final thoughts from Trusted Counsel on why every business should comply
How We Can Help
Contact us at 404.898.2900 or email us at firstname.lastname@example.org to set up a consultation to discuss your company’s situation.
Don’t miss a single episode of our podcast show. Subscribe to our show “In Process Podcast” on Apple iTunes and on Google Play to receive this episode as well as future episodes on your smartphone.
Be sure to check out Michael Jones on another podcast episode where he discusses the General Data Protection Regulation (GDPR) and answers questions about it and data privacy.