Stacey Garrett of Keesal, Young & Logan has written extensively about data privacy, including the California Consumer Privacy Act (CCPA). It’s no secret that other states are coming up with privacy laws similar to the CCPA, and she points out how all of these regulations are “going to make compliance increasingly hard for companies that operate in multiple states, and will incentivize businesses to model their compliance efforts with an eye toward common good.” Finding ways for consumers “to access and delete their data will become the norm.”
Mitratech CEO Mike Williams extends this to what organizations need to think about right now in dealing with privacy statutes and compliance needs, including “having to put policies and procedures in place, how to store documents with consumer information, how to provide access control around those documents, and how to enable the right types of policy management.”
Legal departments have to be aware of this changing landscape and how their companies ought to be satisfying these new requirements. Particularly since they’re at a point when compliance audits are becoming more common, and fines have the potential to become extremely hefty. New compliance processes will need to be quickly put in place, and new tools adopted for meeting requirements such as satisfying CCPA-based consumer data requests.