Data Privacy

California Here We Come! Preparing for the California Consumer Privacy Act


In this episode of In Process Podcast: Conversations about Business in the 21st Century, Trusted Counsel’s Evelyn Ashley and John Monahon speak with Michael Jones, Attorney at Trusted Counsel, who has a strong background in business-oriented technology. Michael previously spearheaded Trusted Counsel’s initiative to help clients understand and comply with the European Union’s General Data Protection Regulation (GDPR), and now he’s at the helm of the firm’s work on the California Consumer Privacy Act (CCPA), slated to go into effect on January 1, 2020.

The CCPA is the most comprehensive data privacy bill to pass in the United States at a state level. It requires significant transparency from companies regarding customer data and, to date, it’s the toughest privacy law in the country. This law is spreading to other states. Michael says, “ultimately there will be federal legislation, or there will be so many states that pass their own laws that businesses will have to comply with the broadest one.”

Today, businesses in affected sectors face challenges when it comes to privacy and security compliance because of the requirement to establish a process to identify, secure, delete, and/or manage files that pertain to customer personal data. Most organizations that seek to “go it alone” will not do it well because doing so requires a combination of skills, with legal and compliance analysis leading the way. Businesses should prepare now with the help of legal privacy specialists. We have compiled a best practices list on what activities your business should be doing between now and January 1, 2020. If you are already complying with GDPR, you’re ahead of the game, but there is still work to be done.

Note: your company’s specific situation may vary from these general scenarios and further research may be needed.

BEST PRACTICES FOR COMPLIANCE

Data

  • Understand what personal information your business collects

  • Update your data inventories (the database to track your data processing activities) in order to prepare for data access, deletion, and portability requests, and to comply with opt-out requests

Privacy Notices and Policies

  • Draft the required notices and disclosures “at or before the point of collection” informing customers of the categories of personal information that are being collected and for what purpose.

  • Determine if your business will maintain one privacy notice for California residents, one for other consumers, or have one universal policy.

Consumer Rights

  • Consumers have the right to know, the right to request, the right to opt out, the right to delete, and the right not to be discriminated against.

  • Implement protocols to ensure the new consumer rights. Are you building out the process, training, and new systems for responding to consumer demands? What does your roll-out look like?

Third-Party Service Providers

  • To comply, if you have a third-party vendor that processes your data, you need to update and negotiate your contracts.

Systems, Training, and Process

  • Increase your budgets for IT reprogramming costs and build processes around responding to consumer demands, including protocols for deleting data.

  • Due to the penalties involved, take the time to train your employees on handling customer inquiries.

During the course of the podcast CEOs, business owners, and C-level executives will learn:

  • The definition of the CCPA

  • Recommendations for best practices for your business on compliance

  • What is meant by “intentional data privacy”

  • Final thoughts from Trusted Counsel on why every business should comply

How We Can Help

Contact us at 404.898.2900 or email us at info@trusted-counsel.com to set up a consultation to discuss your company’s situation.

Don’t miss a single episode of our podcast. Subscribe to “In Process Podcast” on Apple iTunes and on Google Play to receive this episode as well as future episodes on your smartphone.


Be sure to check out Michael Jones on another podcast episode, where he discusses the General Data Protection Regulation (GDPR) and answers questions about it and data privacy.

GDPR Update: Your Questions Answered About GDPR and Data Privacy


In this episode of the podcast In Process: Conversations About Businesses in the 21st Century, Trusted Counsel’s Evelyn Ashley and John Monahon speak to Michael Jones, Attorney at Trusted Counsel, whose practice specializes in privacy, compliance and technology licensing. Michael discusses the latest developments regarding the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and data privacy in the United States. This blog post and podcast continue the discussion of two earlier blog posts: The EU General Data Protection Regulation and The California Consumer Privacy Act.

As you probably already know, the GDPR entered into effect on May 25, 2018. By now you’ve most likely been bombarded with emails from various vendors stating their privacy policies are updated. What you might not know is that the driving force behind this flurry of email activity is the GDPR. A key requirement of the GDPR is that customers and other users must be notified of certain changes to privacy policies. The goal of the GDPR is to allow individuals to have greater control over how their personal information is processed by organizations. And although the GDPR is a European Union regulation, many U.S. businesses are discovering that they may have certain obligations under the law. If you are a U.S. business providing goods or services to individuals in the EU (even through other businesses), you should undergo a thorough review of how you access, store and use your data. 

“If you are quick to dismiss the GDPR due to the idea that it is an EU regulation, really think it through,” Michael says. “What’s really striking about the GDPR is its extraterritorial effect. By this I mean the idea that it protects the personal information of EU residents. A business can process, hold, maintain, and use the personal information of EU residents even if they’re not living in the EU. In other words, the individual could be located in the state of Georgia, or anywhere in the world. In this example, it applies to your business.”

About a month after the GDPR went into effect, the California Legislature passed the CCPA, which has suddenly become the gold standard for privacy legislation in the United States. It imposes requirements much like those imposed by the GDPR, but it doesn’t go into effect until January 1, 2020. As with the GDPR, you might be thinking that you’re not affected because you don’t have a business in California. But look at it this way: chances are that somewhere in your database, you’ve obtained the personal information of at least one California resident with whom you do business. And, if California just passed this legislation, could other states soon follow suit? Yes, they will.

Businesses need to prepare now, and here’s what you need to do:

  • Read our past blog posts on GDPR and CCPA (each includes detailed and important questions to ask yourself)
  • Listen to the entire conversation by clicking the audio player below
  • Identify the employees in your company who know where your data is. Get them together, form a team and start talking about how your organization collects personal data.
  • Take good notes and document everything
  • Contact Trusted Counsel with questions. We can help you put together a compliance plan if needed. This will allow you to not only be in compliance now, but also to stay in compliance. 

During the course of the podcast, CEOs, business owners, and C-level executives will learn:

  • The difference between the GDPR and the CCPA
  • What questions businesses should be asking themselves regarding GDPR
  • Internal steps a business should take right now to become compliant
  • Legal advice for organizations that are reviewing their data privacy policies and procedures and their compliance risks
  • Commentary regarding the future of data privacy in the U.S.

Stream the conversation in the player below to learn more. You can also subscribe to In Process Podcast to receive this episode as well as future updates from the show on your smartphone. If you have any questions or comments regarding the GDPR, the CCPA, data privacy and your compliance efforts, please contact Michael Jones with Trusted Counsel. You may reach him at 404-400-3886 or email him at mjones@trusted-counsel.com.