The era of the wild west of tech is slowly coming to an end. There is increased pressure on Congress to pass a national data privacy law, and many states have independently been passing their own laws to protect consumer privacy—the largest of which is the California Consumer Privacy Act (CCPA).
California’s attorney general recently released some enforcement case examples as part of an update on the first year of enforcement measures. Additionally, a new mandate, the California Privacy Rights Act (CPRA)—which some are calling “CCPA-plus”—will go into effect on January 1, 2023.
These developments mean that many organizations need to fundamentally change how they track, manage, and use consumer data if they want to do business and avoid liability in the countries and states that are passing data privacy laws.
The burden of compliance with these new laws cannot be siloed within the IT department; it reaches across legal, IT, and marketing. Organizations focusing solely on CCPA compliance are already behind the curve. Teams managing governance, risk, and compliance (GRC) need to take a proactive approach and look at state laws as likely bare-minimum precursors to federal legislation.
“CCPA was already the most comprehensive privacy-centric legislation in the country, and CPRA goes even further, inching even closer to the scope of GDPR,” CPO Magazine points out. “The mandates are there, the architecture to monitor and enforce it is there, and the penalties for non-compliance loom large. As such, it will likely serve as a template for other states seeking to legally strengthen privacy protection.”
Laws such as the CCPA are proving to be a massive risk and compliance management challenge for many organizations. That’s why it’s important for executive leadership teams to start thinking about how to ensure data privacy compliance through:
To effectively comply with privacy-related mandates and prepare for future, more comprehensive regulation, organizations need to set the foundation for effective compliance and data management practices now.