The Privacy Insider Podcast
Landscape of Privacy: CCPA and Beyond
CCPA came into effect in January and the plan is to begin enforcement in just a few months. In this podcast, WireWheel CEO Justin Antonipillai and privacy expert Daniel Solove outline the key steps companies must take to prepare.
What do you need to comply with CCPA?
- Subject Rights Request (SRR) Process: You need to be able to show people who make data requests the information that’s required under the law – no more and no less. That means you need to authenticate that they are who they say they are, even if they aren’t your current customers. Especially for B2C companies receiving hundreds of thousands of consumer requests each year, you need an efficient way to process requests and gather relevant data.
- Secure SRR Delivery: You need a way to give people their information back and offer them a way to delete it in an easy, understandable way. Any information exchange needs to be secure from end to end.
- Documentation: You need specific documentation in your files, showing that you’re doing the right thing with personal information. That includes documenting your actions for maintaining data inventories, conducting vendor privacy assessments, and processing individual rights requests.
If you can achieve these goals, you’ll have the fundamentals in place to meet Subject Rights Request under CCPA’s requirements, plus a heads start on any new state, national, and international privacy law that comes your way.
Founder and CEO, WireWheel
Former Under Secretary for Economic Affairs at the US Department of Commerce
Professer, GW Law School + CEO, TeachPrivacy
John Marshall Harlan Research Professor of Law at GW University Law School