Corporate Compliance Insights

Look Behind You – Now!

The CCPA "Look Back" Requirement

by Bill Tolson
February 13, 2019
in Data Privacy

A provision in the upcoming California Consumer Privacy Act (CCPA) will make the regulation retroactive once it goes into effect… meaning it’s effective now. Bill Tolson of Archive360 discusses what organizations can do now to move toward CCPA compliance.

The California Consumer Privacy Act (CCPA) was passed last year (2018) with an effective date of January 1, 2020 – assuming no federal actions (check out the blog titled “Will the New California Consumer Privacy Act Stand?” for potential federal actions).

Who does the CCPA affect?

Simply put, the CCPA protects all California residents whether they are consumers, employees or business contacts. In hindsight, with the passage of the EU’s GDPR privacy regulation, many organizations didn’t think they needed to worry about it until much closer to the effective date of May 25, 2018. In fact, there are still many companies that aren’t in compliance. This wait-and-see strategy turned out to be a risky strategy for many companies because they didn’t fully understand the implementation complexities involved. They were not considering the potential startup costs, implementation turnaround times and the new processes needed to put it in place. Implementation readiness for the CCPA has already put many companies in an untenable position; they may already have dug themselves a hole it will be difficult to climb out of.

Most companies aren’t yet aware of the fact that their responsibilities for CCPA readiness begin well before the planned January 2020 implementation date. I am speaking of the “look back” requirement.

The look back requirement of the law allows California citizens to ask for their information on January 1, 2020 – for the previous 12 months. Companies should be able to find and report on what consumer data exists, how it’s being used and if it’s been sold to third parties. Also, the consumer can demand its disposal if the company is not required to keep it for regulatory or legal reasons. Ideally, beginning on January 1, 2019 (already past), companies should already have been capturing and managing consumer data in such a way as to ensure it can be found, culled and deleted quickly if needed. The current requirement is that a business must respond to a consumer’s verified request for information within 45 days (subject to extension under limited circumstances). Many companies will not be able to fully respond correctly, raising the possibility of fines.

What does this mean for my company?

Companies that have not begun CCPA planning and implementation should take this risk to heart and get started immediately. The following topics should be addressed in your CCPA planning:

  1. Records/information management: Are you managing ALL data that contains California residents’ personally identifiable information (PII)? A best practice is to consolidate all PII (not just Californians’) into a single repository to make searching faster/easier and to ensure no copies are floating around, which would violate the CCPA if not deleted when asked. Ensure your systems are set up to index and search for PII based on residency.
  2. Create a CCPA team for fast/complete response: The time frame to react to a PII request is limited, so having a tested process in place will greatly reduce noncompliance liability.
  3. Data deletion: How PII is deleted from your systems is important. Simply hitting the delete button is not a true deletion – meaning unrecoverable. Companies should install deletion technology that ensures PII is completely unrecoverable; otherwise it could be considered still available and in violation of the CCPA.
  4. Data encryption: The best insurance policy against both GDPR and CCPA noncompliance is utilizing encryption/anonymization with all PII. Many privacy laws, including the GDPR and CCPA, take the position that if PII is encrypted and the encryption keys were not stolen/hacked, then even if the data was inappropriately accessed, it could not have been usable, and the company is therefore not in violation.

We’ll Take Our Chances

Some CIOs have the attitude that they don’t need to worry about the CCPA because the chances of a California citizen asking about their PII from a small company in another state are particularly low – a bad idea. The chances may be low, but they’re not zero, and the CCPA preparation steps listed above provide obvious benefits to companies beyond CCPA risk reduction, such as better information management.

If your organization has not started yet, you still have time to get your company ready. Working with vendors focused on this area will help to get ahead of these challenges to ensure administrators are ready on January 1, 2020.


Bill Tolson

Bill Tolson currently serves as Vice President for Archive360 and is focused on the archiving, migration, governance, regulatory compliance and cloud-based storage of data. Bill has extensive experience in e-discovery and archiving/information governance from both a marketing and customer perspective.
