More than half of general counsel believe their organizations are not prepared for coming data privacy regulations, including the California Consumer Privacy Act, which had its enforcement date go into effect Wednesday, according to a survey published by Ethyca and TechGC.
The 2020 TechGC Data Privacy in the Time of COVID-19 Survey had 218 general counsel respond.
Cillian Kieran, founder and CEO of Ethyca in New York, said in an interview on Tuesday that he was not completely surprised that 56% of corporate legal leaders believe their company is not prepared to comply with data privacy laws. CCPA presents the biggest challenge for 52% of respondents.
“On the one hand it seems surprising, but there are varying degrees of readiness and you have to consider that the CCPA has evolved a lot over the past six months,” Kieran said. “It’s felt like quicksand.”
Kieran said keeping track of data that companies have is one of the more difficult parts of complying with a series of upcoming laws governing data privacy. The data-mapping process in particular is labor-intensive, and executives did not encounter the process much in the past.
“You need to fundamentally know where it resides and how it is used,” Kieran said.
Additionally, figuring out the processes for answering consumer requests take time because they are often done manually.
Kieran noted that under laws like the CCPA and the European Union’s General Data Protection Regulation, consumers have the right to have their data erased. He said one request can take corporations up to eight to 10 hours to complete.
Vanessa Wu, general counsel at HR technology provider Rippling in San Francisco and a member of the International Association of Privacy Officials, said there is difficulty complying with those laws because of a lack of expertise.
“I think there is a lack of baseline knowledge,” Wu said. “There is a lack of advice and expertise to businesses, sort of what they need to do to become compliant.”
Despite a lack of preparedness for the enforcement of data privacy laws such as the CCPA, 57% of general counsel indicated they will be spending more on privacy compliance as other laws around the globe come into effect. Wu said bolstering privacy budgets will be necessary as legal departments prepare for class action suits.
“The security protections can be enforced by anyone,” Wu explained. “When businesses think about how to allocate their budgets they should consider class actions.”
Wu said that businesses should also be prepared for upcoming laws such as the California Privacy Rights Act, or CPRA, which voters in California will consider when they vote in the general election in November. The CPRA bolsters the CCPA and puts it more in-line with the GDPR.
If the CPRA is voted into law, it would not come into effect until January 2023. However, it would immediately create a new agency that would enforce the CCPA, Wu said.
Kieran said companies who do business in South America should also be paying attention to the Brazilian General Data Protection Law, or LGPD. The LGPD enforcement date has been pushed back to May 2021. He also said to anticipate the passage of other state laws similar to the CCPA in the next couple of years.
“Across the U.S., most states have data privacy bills at least in committee if not further along,” he said.
The patchwork of laws have the majority of general counsel surveyed feeling that a federal data privacy law would be easier to comply with. For 49% of respondents, a federal privacy law would be very useful in planning a privacy policy for their companies, while 36% indicated it would be somewhat useful.
Wu said she favors a federal data privacy law.
“I think it would give a lot of clarity to business,” she said. “It would allow us to stop the less impactful compliance work and get more to the meat of the issues like how to protect the consumer.”
"general" - Google News
July 01, 2020 at 09:58PM
https://ift.tt/3dSkBjA
General Counsel Unprepared for Data Privacy Regulations Including CCPA | Corporate Counsel - Law.com
"general" - Google News
https://ift.tt/2YopsF9
https://ift.tt/3faOei7
Bagikan Berita Ini
0 Response to "General Counsel Unprepared for Data Privacy Regulations Including CCPA | Corporate Counsel - Law.com"
Post a Comment