Preparing for Compliance with the California Consumer Privacy Act

Linn Freedman
Robinson+Cole Data Privacy + Security Insider
Contact
LinkedIn
Facebook
X
Send
Embed

On the heels of working with clients on compliance with the European Union’s General Data Privacy Regulation (GDPR) and the rapidly evolving landscape of data privacy and security laws and regulations, the next hurdle to set compliance sights on for organizations is the California Consumer Privacy Act (CCPA).

We have previously outlined the requirements of the CCPA in several posts [view related posts]. Now is the time to be thinking about, assessing and determining compliance obligations and implementing those measures so they are in place when the CCPA goes into effect in January 2020.

A report issued this week by TrustArc confirms what we are seeing in the industry: that although companies are aware of CCPA, and some have started addressing compliance with it, a vast majority of companies that it applies to are behind in tackling the requirements.

The TrustArc Report, CCPA and GDPR Compliance Report, states that “[F]or the vast majority of respondents (over 86 percent), CCPA compliance is still a work in progress. 14 percent report being CCPA compliant and 16 percent of respondents have not started the process yet. 21 percent of companies who worked on GDPR compliance report being CCPA compliant already vs only 6 percent for companies who did not work on GDPR.”

According to those surveyed, 64 percent of the respondents said they need help developing a CCPA plan and conducting privacy risk assessments, and 63 percent said they need help addressing international data transfers. Those companies which have already addressed GDPR compliance were ahead of their peers which have not.

Bottom line: If you have not made CCPA compliance a priority in your organization, now is the time. The compliance date is looming, and it takes time to implement the compliance plan. Further, a big incentive to get the compliance plan in place is the fact that CCPA provides a private right of action for consumers to get statutory damages for violation of the Act. We have seen how this has gone with Telephone Consumer Protection Act class action cases. The plaintiffs’ attorneys are ready to test companies’ compliance with CCPA, so addressing compliance now, instead of waiting to get hit with a class action case, is something to be considered.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Robinson+Cole Data Privacy + Security Insider
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide