Corporate Compliance Insights

Privacy Is (Now) Your Business

by Mitzi Hill
November 26, 2018
in Data Privacy, Featured

How to Prepare for New Legislation

Privacy is no longer a niche specialty or one-off discussion reserved for big companies with big resources. Mitzi Hill, a cybersecurity and data privacy attorney at Taylor English, discusses recent cybersecurity legislation that just passed in California and what companies big and small, local and national can do to ensure compliance.

Until 2018, there was very little regulation of consumer privacy in the United States. Other than financial services and health care, companies in most sectors were free to collect and use information about customers with virtually no restriction, and there was no requirement that employee or customer information be kept secured. This left U.S. companies free to avoid spending time and money on keeping customer and employee data secured, confidential and private.

2019 is a year of change – or at least it should be – regarding how U.S. companies treat the privacy of their employees and customers. The rules and norms are changing. Although some changes are required by law – and those requirements will apply to far more companies by 2020 – the fact is that marketplace expectations are likely to drive changes in best practices, even where the law may not require them. Smart companies will take 2019 as an opportunity to plan for privacy and tout it to customers and employees as a differentiator. For smaller companies that have not taken advantage of privacy planning before now, 2019 is the year to find ways to make privacy profitable.

Legal Changes Required

You may know that the European Union passed new privacy laws that took effect this year, rules that specifically apply to U.S. companies and carry stiff fines for noncompliance. Because the rules only concern U.S. businesses that “target” the EU, a lot of smaller American companies have been able to take the calculated risk that the rules do not apply to them. As a result, many companies have carried on without making significant changes to their privacy practices.

In 2020, this is likely to change. California has passed a new privacy law, the California Consumer Privacy Act (CCPA), that reflects many of the same ideas embodied in the EU laws, including:

  • A consumer privacy “bill of rights,” including the right to opt out of having one’s personal information shared for commercial purposes;
  • Steep fines for failure to secure personal information from data breaches;
  • Extremely broad definitions of what is considered personal data that must be protected, and in which consumers have rights; and
  • A requirement to be up front about what information a business collects and how it uses that information.

The CCPA has several important differences from the EU laws, but the concepts are similar. One important distinction is that the CCPA sets very clear, low threshold requirements that spell out which companies are subject to the law. Those requirements will ensnare a lot of small and medium companies with customers or employees in California; this will include many businesses with sales or an internet presence there. Because the CCPA is here in America, it will also be harder to dodge when it comes to visibility and enforcement than the rules from the EU.

In reaction to the CCPA, there is mounting pressure in Washington, D.C. to pass a federal consumer privacy law – and thus avoid a 50-state patchwork that would make running any national or regional business difficult. It is unclear how much traction a federal law might get in the short term, but it is very clear that California is the first domino to fall and that U.S. companies should expect possibly more onerous regulations to come. Coupled with the EU rules, which already affect many internet users, the expectations that employees and customers have about their privacy are very likely to change. Being ahead of both the expectations and the legal requirements is smart planning.

What can you do?

What does this mean in terms of best practices?

At a minimum, U.S. companies with a website should examine it and ensure that it meets the disclosure requirements and opt-out regime of the CCPA. Likewise, they should revamp any customer-facing materials, such as privacy policies.

Internally, a data collection and use audit is a smart measure that will help with website and privacy policy refresh, cyber insurance underwriting, incident response planning and product design that takes into account exactly what information the company needs for its operations and who will have access to it.

Taking all these measures together, it is wise to raise awareness with employees about how the company handles private data, data loss and breach, and confidentiality. This can take place through new policies (such as a personal information processing policy) and training.

Reap the Value

Any U.S. company that takes privacy seriously and is on the leading edge should start talking about its philosophy with customers, employees and the marketplace. Use “European-style privacy commitments” as a selling point regarding your services. Make your website transparent and easy to use. Give consumers tools that allow them to see what you have collected and to opt out of its use.

Right now, all privacy inquiries are handled as one-offs. Plan for the day when they are routine enough that they should be automated and self-serve. For corporate customers, make affirmative efforts to demonstrate compliance with CCPA and EU rules, rather than responding piecemeal to their security surveys and RFP and audit questions.

The final point in this chain is to ensure that investors and potential buyers know of your efforts. Privacy and data security are fast becoming a standard part of the due diligence on any transaction. Having addressed them will make you a better target. Planning ahead and having these measures grow with your business – as opposed to implementing them only when you reach a certain scale – will also make you ready for any new opportunity those investors may bring. Privacy can profit you, if you know how to capitalize on it and make it easy for those in your ambit to gather information and to take new steps.


Tags: California Consumer Privacy Act (CCPA), GDPR
Mitzi Hill is a partner at law firm Taylor English, based in Atlanta. She has worked on evolving technology issues for 20 years, largely with a focus on how new technologies affect consumers, commercial intellectual property strategy and commercial compliance. Her practice focuses on data security and privacy, entertainment and media matters and technology licensing and development.

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

© 2022 Corporate Compliance Insights
