Keeping Pace with CCPA Developments

Every week seems to introduce new developments with the California Consumer Privacy Act (CCPA) either from consumer concerns, business compliance and/or how the California Attorney General (AG) will handle enforcement. One notion is clear; companies must have an operationalized privacy program in place to demonstrate compliance. Doing nothing will give rise to risks of litigation and enforcement.

In late February, the International Association of Privacy Professionals (IAPP) held the CCPA Comprehensive 2019 conference.  Topics ranged from scope and definitions of the CCPA, CCPA’s contrasts with GDPR and grey areas of the CCPA statute such as the definition of personal information. The definition of sales, transparency and consent handling were also topics discussed.

During Q&As, a number of discussions surrounded the CCPA provisions that may materially impact businesses, including obligations. For example, implications for companies that use service providers or transfer personal information to third parties. The one-year lookback period and enforcement by the California AG was another topic of concern. Finally, questions were raised concerning the impetus for companies to develop an Employee Privacy Policy that addresses how an employee has to treat data in a particular manner with obligations similar to privacy professionals, as well as processes for employees to report and ask for copies of their data.

On the other hand, also in late February, 2019 SB-561 was introduced as an amendment to the CCPA that seeks to strengthen the private right of actions for consumers (see SB-561 CCPA Amendment). With all the flux and uncertainty, it is not surprising that businesses take a wait and see approach to not waste resources and investment.

However, all the speakers and panelists at the CCPA Comprehensive did come to a consensus on recommendations businesses should be doing now in preparation for CCPA. Overall, seek to operationalize your privacy program based on privacy trends and anticipated litigation. Relying on CCPA exemptions and safe harbors may not be the best approach from a compliance perspective. Other recommendations include creating FAQs consumers may ask of the business upon enactment of CCPA; updating business privacy policies, and finally, operationalizing what may be prosecuted by private consumers or the CA AG.

Ron Naulls

Senior Manager
Technology Consulting - Security and Privacy

Subscribe to Topics

Providing a 360-degree view of various interactions enables organizations with a more proactive approach to accelerate business results. Learn how Microsoft Dynamics 365 CE can help you. Read here: http://ow.ly/MQ8X50JizUO

#ProtivitiTech #Microsoft #Dynamics

Join Protiviti's Paul Kooney and Stephen Nation as they discuss how to set up trust in an organization in tomorrow's Tech Talks at the TrustWeek 2022 Conference. http://ow.ly/HaT750JfK4Y

#ProtivitiTech #TrustWeek #privacy #security #dataprivacy

Evolving #dataprivacy laws and updates in the #OneTrust system call for a closer look at #privacy systems and processes. Join #ProtivitiTech Ismail Ali and Sam Reiter at #TrustWeek to learn how to take your OneTrust deployment to the next level. http://ow.ly/JlSU50JfHkL

Protiviti is pleased to be a Platinum Sponsor at the #TrustWeek 2022 conference. Join #ProtivitiTech and discover best practices to protect #privacy, #data #security, act sustainably and build trust with clients and within your company. http://ow.ly/1NZN50JfyYN

Embedded analytics have rapidly become one of the new “art of the possible” scenarios. Learn how platform's such as @SAP's BI Launchpad continue to develop data analytics, and enables continued organizational growth: http://ow.ly/TuRj50Jcxy0

#ProtivitiTech #SAP #DataAnalytics

Load More...