Four Questions To Answer About New Privacy Regulations
January 6, 2020
As of January 1, many companies, and not just those in California, became subject to the California Consumer Privacy Act. Those that didn’t should assume this law is almost certainly the first of a coming generation of privacy legislation that will affect virtually all companies. Compliance with the CCPA is at best complex and time-consuming, but a systematic approach can make it manageable. This Today’s General Counsel article is a compliance primer organized around four key questions and their ramifications.

First, do you really know your own data? That is, do you know who in the organization has it or has access to it, how it’s being used and stored, and under what retention obligations?

The second question concerns so-called DSARs, or data subject access requests, and your ability to handle them. These are the requests that the CCPA empowers consumers to make regarding the information the company is holding about them. This is arguably the shank of the new privacy regulation, and compliance will be a challenge. One issue that can’t be ignored: authenticating the request itself. “Potential lawsuits aside,” says the author, “it would be extremely unfortunate to give a bad actor someone else’s personal information.”

Question three addresses the key issue of company data that’s in the hands of, or can be accessed by, third parties. One study found that such data was the cause of nearly 60 percent of recorded data breaches.

The final question addresses the ins and outs of data retention, and whether the company is keeping some data longer than necessary. Put bluntly, as the writer says, “personal data you don’t have cannot be breached.” Yet there are reasons, legal and otherwise, why some data must be kept. Sorting this out is a major challenge.