The California Consumer Privacy Act (CCPA) goes live in six weeks. While many companies have been working on mapping their data for some time, others are just getting started. Some of the issues left open by the language of the CCPA and the proposed regulations have yet to be resolved, but there is no question that come January 1, 2020, many California residents will be looking to their favorite apps, sites and businesses to see what, if anything, they have done to comply with this new data protection law. If your business has not begun its work, we recently created a client alert with a high-level checklist to move toward CCPA compliance.
As part of our blog series, we share some of the most frequently asked questions that we receive from organizations across different industries regarding data privacy and security, and more specifically GDPR and CCPA. This is the second FAQ in our series.
Even though the California Consumer Privacy Act (“CCPA”) will be effective January 1, 2020, the time to plan for compliance is now. It may seem as though you have plenty of time to prepare but it is a mistake to not start preparing. Indeed with the twelve-month lookback provisions, companies must have proper records of personal information that they collected as of January 1, 2019.
There are many nuanced questions to consider that may not be apparent on a cursory read of the CCPA or the proposed Attorney General regulations. Some basic common questions arise when companies first hear about the CCPA, as follows. Continue Reading Privacy FAQ #2 – CCPA
Similar to the months before the GDPR went into effect at the end of May 2018, companies are now actively preparing for compliance with the California Consumer Privacy Act (CCPA). As California leads the pack of states in terms of privacy and technology laws, other states have followed suit, including Nevada.
With schools starting this fall, one invariably will think about the safety of their children – both online and in the real world. There are numerous security programs and apps now that tout data security technology and online measures to keep students safer in the real world classroom. The technology generally markets itself as having the ability to predict the propensity of students to conduct acts of violence in schools. In order to do so, the software offered by these companies reads our kids’ emails and social media posts insofar as they are publicly available or sent through school networks. The technology contains certain key words and phrases that trigger alerts, which are then sent to the provider’s customer, typically schools. It sounds promising and is definitely optimistic given today’s climate, which I like. But are they really getting the full picture? If a message is privately sent between students on social media as opposed to a school’s network email, it seems that the software would not have access important information indicating a kid’s nefarious plans or potential harmful activities if it were included in private interaction. It is also questionable if the limited scope of the protection services offered by these companies is worth what we give up in terms of privacy. Continue Reading School and Student Privacy vs. Security – How to Balance
As part of our blog, from time to time we will share some of the most frequently asked questions that we receive from organizations across different industries regarding data privacy and security, and more specifically GDPR and CCPA. This is the first FAQ in our series.
What’s the Deal with the Data Protection Officer?
Not to be confused with a CPO (Chief Privacy Officer) or EU Representative, the role of data protection officer (DPO) has specific legal meaning under the GDPR. The primary role of a DPO is to ensure that the organization to which it is appointed processes the personal data of its staff, customers or any other individuals (i.e., data subjects) in accordance with applicable data protection rules. Many, but not all organizations subject to GDPR, are required to appoint a DPO, but given the unique nature of the DPO, the why, when and how of this topic is definitely at the top of our US clients’ FAQs. Continue Reading Privacy FAQ #1