We are excited to launch a brand-new video series, Innovators in Privacy Tech! At our global user conference in London, PrivacyTECH, we interviewed the best and the brightest minds in the privacy industry for their insights on everything from the California Consumer Privacy Act (CCPA), the future of privacy, how to achieve sustainability in your privacy program and more.
To kick off Innovators in Privacy Tech, we have Jason Straight, Senior Vice President, Cyber Risk Solutions, Chief Privacy Officer at UnitedLex. UnitedLex is the leading enterprise legal services provider that drives digital transformation throughout the corporate legal ecosystem. With more than 2,700 attorneys, engineers and consultants across four continents, they deploy innovative solutions to deliver unparalleled business impact for global corporations and law firms.
Origins of CCPA
The CCPA took many businesses and privacy professionals in the United States by surprise and brings new challenges for businesses who must update their privacy programs to respond to these new rights and obligations.
Straight notes that the reason the CCPA was enacted so suddenly is because there was a ballot initiative that was going to be put on the California statewide ballot in November 2018, which was stricter than what the CCPA became and gave data subjects even greater data rights.
The ballot initiative was collecting signatures at the same time that the Cambridge Analytica incident was disclosed, and it instantly had a tremendous amount of support in California.
“The people really demanded it [CCPA] in California”
CCPA- what’s next?
Now that the California Consumer Privacy Act (CCPA) has been passed, people are asking “what’s next?” As Straight notes, his team is getting questions from organizations who feel like they were able to “dodge the GDPR bullet” because they don’t have EU data subject information but are realizing they have a lot of California consumer information.
Is the advent of the CCPA an indication that soon we will have GDPR-like regulations across the United States? Straight believes so, whether we continue regulations on a state by state basis, or legislation comes from the federal government, it could go either way.
According to Straight, the more important question to ask is not what is CCPA and what does it mean, but why did CCPA happen in the first place? Straight says that the more progressive companies and smarter companies will see where privacy is going and try to get there in advance.
In other words, “don’t wait for state after state to enact similar laws, assume that that’s where we’re going to end up, not only because it’s probably true but also, it’s the right thing to do. It’s what your customers expect, it’s what your employees expect, we’re hearing that loud and clear. It’s a best practice, it’s a way for you to, if necessary, rebuild trust or if you have existing trust to enhance that.”
“The best practices that are embodied in the GDPR and CCPA provide us with a roadmap of where we need to go.”
For more information on the CCPA, visit our website and download our whitepapers, “Privacy Rights Under the CCPA vs. The GDPR” and “A Comprehensive Guide to the California Consumer Privacy Act.”