Companies around the country started the year off by bracing themselves for the implementation of the California Consumer Privacy Act of 2018 (CCPA). California consumers are now granted rights to their personal information (PI) that is being shared across organizations. Business operators must ask the question – do we fall into CCPA’s purview? Those that do, must take action to cover their bases and make sure they fully abide by the regulations the law enforces. But, who is most impacted and how should they prepare for what’s to come? Also, how should the legal industry prepare for the inevitable changes in workflows caused by the CCPA coming into effect?
Who is most impacted by CCPA?
All organizations and companies handling PI that belong to California residents are impacted by CCPA. Additionally, CCPA impacts third parties that purchase PI from a business, and service providers that process PI on behalf of a business. It’s important to note that nonprofit organizations fall outside of CCPA’s scope.
This means a wide variety of business types are affected, however, those that deal with personal data directly are impacted the most, such as digital advertising agencies, like LiveRamp or Drawbridge, that are involved with disclosing personal data. If they do not meet the protocols perfectly, they can accrue unnecessary costs through fines.
These entities need to communicate to California consumers (1) that they are in fact collecting their data, (2) how they are collecting their data, and (3) how users can opt-out of sharing their data with said entity. The purpose of jumping through these hoops is to protect the consumer’s privacy. However, it is at the expense of the businesses that meet CCPA’s determined thresholds.
Companies have spent weeks or even months reviewing their privacy policies, updating their websites, and changing internal processes. All of which equates to time and money spent on implementing new procedures and technologies. Though, getting ahead of it now prior to undergoing expensive lawsuits and fines is definitely the cheaper option.
How does CCPA impact the legal industry?
There are a number of ways legal workflows are affected by CCPA. On the one hand, similar to the implementation of EU’s General Data Protection Regulation (GDPR), lawyers may see an increase in volume of privacy-related work. The need for their services to advise on how to avoid disputes and allegations of privacy infringement is critical. This means more work overall for legal teams, and more involvement in counseling businesses on how to navigate new regulations.
Additionally, the implementation of CCPA causes an uptick in the complicated nature of a certain area of legal practice. It is undeniable that with CCPA, there is a rise in Data Subject Access Requests (DSARs), which is already considered an expensive burden for businesses. CCPA requires a timely response to these requests, and if not met, can result in steep fines. When “John Doe” requests personal data, executing this request can result in complex workflows and can take a great deal of time. Teams must establish a flexible and transparent process to sustain DSAR requests. Utilizing technology can assist in saving time and adding visibility into workflows. It is in a legal teams’ best interest to seek a well-rounded eDiscovery solution that can alleviate and mitigate these new complexities by increasing efficiency and accuracy when searching and reviewing documents.
CCPA, like GDPR, is causing upheaval in the corporate world and in the legal industry. How do these organizations and firms really feel about it? Stay tuned for our next blog that will discuss the perspectives of law firms, corporations, and eDiscovery professionals.