Sephora now owns the dubious distinction of being the first organization to be hit with enforcement action since the California Consumer Privacy Act (CCPA) took effect in 2020. Their $1.2 million settlement of claims by the state Attorney General Rob Bonta that the $10 billion company violated the law by selling consumer data without providing consumers with adequate notice or honoring their opt-out requests. The Sephora settlement is a strong signal of ongoing vigilance in California. Bonta stated his hope that the agreement “sends a strong message to businesses that are still failing to comply with California’s consumer privacy law,” (source). He’s supporting his words with action: his office notified more businesses last week that they were not compliant with the CCPA’s opt-out requirements.
This is a foretaste of more vigorous legal actions nationwide against businesses misusing consumer data, whether intentionally or not. U.S. states are in the process of data privacy legislation aimed at closing legal loopholes and stopping corporate practices that expose individuals’ information to unwanted sales and marketing efforts. Recent legislation aims to close legal loopholes and stop corporate practices that expose individuals’ information to unwanted sales and marketing efforts.
This is welcome news for consumers. Data privacy requests under CCPA have risen sharply since the act’s introduction. A recent survey of over 5,000 consumers found that, while they accept giving companies access to their data can be useful, 90% want to know which elements of their data are being shared.
A Wake-Up Call For Corporate Legal Departments
These are clear indications that failure to protect personally identifiable information (PII) now poses more immediate financial, legal, operational, and reputational risks to corporations. Legal counsel needs to proactively investigate and, if necessary, remediate their organizations’ data privacy practices, policies and readiness for response in order to reduce potential future risks. They need to understand where personal data is held within the organization, what the data retention practices are and, if correction or deletion is required, ensure that these adjustments are made in every repository where the data is stored. With so many interconnected applications and infrastructure elements to consider, including SaaS apps, data lakes, and hosted databases – organizations will typically have between 50 and 100 locations that will need to be reviewed.
The best way to ready an organization to comply with data privacy-related regulations and respond to the resulting surge in consumer data subject access requests (DSARs) is to utilize advanced legal technology solutions.
How to Leverage Advanced Legal Technology Solutions
Casepoint’s legal discovery platform is among of the most advanced platforms in the marketplace for litigation and eDiscovery, helping organizations develop a rigorous evidence-based argument that can be successfully defended in court. As an end-to-end platform, Casepoint encompasses legal hold, preservation, data collection, data processing, review and production, artificial intelligence analysis and advanced analytics, as well as case strategy to enable you to understand and manage the data you control across the entire eDiscovery lifecycle.
Crucially for the increased pace of new regulations and growing volume of consumer inquiries, it incorporates advanced analytics and AI-powered technology that make every aspect of data discovery more efficient and more accurate. The AI capabilities help legal departments proactively identify information governance and records management practices that put personally identifiable information at risk, and through features such as intelligent automation of repetitive tasks and collaboration, these teams are enabled to respond with accelerated speed and efficiency to privacy-related matters.
More than ever before, legal departments are called upon to protect their organization by collecting and presenting relevant data that presents a compelling defense against risk. Today’s best eDiscovery solutions have evolved as robust and comprehensive legal discovery suites. Casepoint’s stands among the industry’s most effective platforms for managing data privacy policies and responding to requests. Find out more here.