CCPA - California's Own GDPR and How To Be Compliant - Workflow™
BY GRANT GROSS
Unlike GDPR, CCPA offers “opt-out” provisions that will require enterprise support
Chief security officers already have their hands full with
escalating risks and costs of data breaches, not to mention a
global talent shortage. Now they’re facing more challenges
from regulators, who continue to dole out new requirements for data
security and privacy compliance in many markets.
The first jolt came with Europe’s General Data Protection Regulation
(GDPR), which introduced sweeping new privacy protections in 2018
for consumers and defined some early guardrails around the use of
artificial intelligence. In the UK alone, GDPR’s enforcement arm, the
Independent Commissioner’s Office, has already handed out more
than $440 million in fines for major breaches and violations.
[Pull quote: 5,000 companies will be impacted by CCPA]
differences. (See box.) Just as GDPR requires companies to obtain
consent to collect and use consumer data, CCPA also includes an “opt
out” provision for customers to block the sale of their data to third
parties.
Companies must also add a “Do Not Sell My Personal Information” link
on websites and mobile apps.
Key challenges
The CCPA presents significant challenges. Companies will need to
maintain up-to-date data profiles about the information they hold on
all customers. They also need to preserve inventories of all customer
data on hand, including metadata and licensing information.
Companies also face new litigation risks under CCPA. Consumers will
be able to file class-action lawsuits after a data breach, with damages
of up to $750 for each California resident affected. That’s a bigger
number than it seems: The $700 million settlement reached after the
massive 2017 Equifax data breach pays out just $125 to each claimant,
and only if they meet specific requirements.
It will be neither easy nor cheap for companies to deal with these new
risk and compliance challenges. The silver lining is that building
stronger risk management muscles can have longer-term payoffs.
“They can be a good driver of integrating risk management into day-
to-day experiences,” says ServiceNow’s Kay. “That’s the reality of the
digital world we navigate today.”
IT Transformation QUARTERLY