Full enforcement of the California Consumer Privacy Act (CCPA) began on July 1, 2020. In the run-up to that deadline, many organisations were still playing catch-up, with most compliance mistakes falling into three main areas:
- Failure to harmonise the DSAR process with litigation requirements
Under the CCPA, a business has 45 days to fulfil a DSAR. Deleting data that could be relevant to anticipated or pending litigation (civil or criminal) can have devastating consequences, so it is imperative that any DSAR process harmonises with information under a legal hold. Mistakes can happen if processes aren’t connected and people aren’t communicating.
The request-answering process that your organisation builds should consider where it makes sense to cross-reference each DSAR with the person or team in charge of legal holds, and verify that the information can be deleted.
- Forgetting to include paper records in the DSAR process
The CCPA doesn’t distinguish between electronic and paper data. Organisations should try to work towards making all data digital and removing the need to store paper records entirely, if allowed by the regulations that govern their industry.
If paper records must stay a part of the business, then it’s even more important to follow data retention laws.
- Over-retaining data, heightening the potential impact of data breaches
Businesses need a plan to reduce their volumes of data for reasons pertaining to litigation and data breach risk.
For additional reading on this subject matter, get the ‘3 Biggest Mistakes Companies Are Making With CCPA’ eBook here: