The Protiviti View  | Insights From Our Experts on Trends, Risks and Opportunities

The Protiviti View

Insights From Our Experts on Trends, Risks and Opportunities
Search

POST

2 mins to read

California Adopted a GDPR-like Privacy Law: What Does It Mean for You?

Views
Demystifying digital transformation in finance - Explore the key to success in digital finance transformation
Larger Font
2 minutes to read

Organizations worldwide are already feeling the impact of the General Data Protection Regulation (GDPR) that went into effect in the European Union on May 25, 2018. As a result of that and other regulations as well as recent privacy related-events, data privacy and security issues remain top-of-mind concerns for businesses and consumers. Now, California has upped the ante with the passage of the California Consumer Privacy Act of 2018 (CCPA), a trailblazing privacy law that will take effect January 1, 2020.

The CCPA requires all businesses with customers in California to disclose personal information they store, the purpose of storing that information, and with whom that information is shared or to whom sold. Organizations should immediately review their data handling and collection practices to determine how this law will affect them and implement controls, as needed, to mitigate the associated risk.

Every affected organization is likely to require new customer data strategies depending upon business constraints and technical limitations. One challenge for many organizations is going to be making sure they will be able to respond to consumer privacy requests in a timely manner. Many companies are not currently in a position to respond effectively to these types of requests and will require significant new data inventory and management processes.

Privacy laws such as CCPA and GDPR continue to reinforce the theme from government and regulatory authorities that protecting consumers and promoting responsible innovation are of the utmost importance.

Although all U.S. states and territories have laws on the books governing the reporting of data breaches, California is among several states that are taking data privacy to the next level, with GDPR-like consumer data privacy protections.

Vermont, for example, in May, passed legislation to regulate data brokers. The law, which goes into effect on January 1, 2019, requires data brokers to register with the Vermont Attorney General; file annual data privacy practice and breach reports; and develop, implement and maintain a comprehensive written information security program with administrative, technical and physical safeguards. Other states that have recently introduced or passed tougher consumer data provisions include Alabama, Arizona, Colorado, Iowa, Louisiana, Nebraska, Oregon, South Carolina, North Dakota and Virginia.

A significant number of organizations are not fully aware of the data they are collecting, where it is stored or how it is shared. In addition, many organizations mishandle the response activity, often failing compliance audits and/or experiencing fallout from a breach.

For these reasons, despite having an 18-month window, most organizations can benefit from performing an initial assessment now to determine if they are currently in compliance with the new California law and identify gaps to address. If the GDPR provides any lessons learned, it is that organizations typically require 12 to 18 months to meet these types of requirements and develop sustainable processes for compliance.

For more details on the new law and steps businesses can take to prepare, you can read the Protiviti analysis here.

Was this post helpful to you?

Thanks for your feedback!

Subscribe to The Protiviti View Blog

To face the future confidently, you need to be equipped with valuable insights that align with your interests and business goals.

In this Article

Find a similar post by topics

Authors

Jeff Sanchez

By Jeff Sanchez

Verified Expert at Protiviti

EXPERTISE

No noise.
Just insights.

Subscribe now

Related posts

Article

What is it about

The big picture: C-suite leaders in traditional aerospace and defense (A&D) companies are launching and growing their aftermarket services and...

Article

What is it about

What to watch: President-elect Donald Trump will take office in January 2025 with Republican control of both the Senate and...

Article

What is it about

What’s new: HR leaders are having to rethink and relearn traditional rewards strategies in response to the growing need to...