Now that the January 1, 2020 deadline for California Consumer Privacy Act (CCPA) compliance has passed, organizations are looking to create long-term sustainable compliance programs. It can be tempting to look at CCPA as “just another” compliance project, but that would be a real mistake. CCPA compliance should be an opportunity for organizations to get their overall engagement with personal data on the right footing. Such an approach makes it possible for organizations to comply with more agility in the face of future regulatory change. It also would support important competitive demands, such as using personal data in new products or services, to improve customer experience, and within innovative technologies such as artificial intelligence (AI) and machine learning (ML). This is sustainable compliance.
We partnered with First San Francisco Partners (FSFP) to create this new whitepaper that talks about why organizations should consider a more strategic approach to CCPA compliance, focusing specifically on creating sustainable compliance. In particular, it covers three key elements of a sustainable approach to data privacy overall that organizations should consider implementing:
- Data ethics framework – Creating real cultural change in the way personal data is obtained, stored, and used is essential. Individuals who work with personal data should be part of an “ethics-aware” community. Supporting the development of a data privacy ethics framework, which is then embedded culturally, enables organizations to rely less on data privacy policies to compel the right behaviors.
- Training and education – Organizations need to train and educate people so that they understand why handling personal data in the right way is important, and how they are expected to engage with it. Training can take many forms, including in-person, formal online training, and participation in online communities.
- Privacy by design – It’s critical for organizations to consider data privacy at the very first stages of any project or program — for example, creating a new product or service, engaging in M&A, or innovating with artificial intelligence (AI). People within the organization need to be enabled to undertake privacy by design.
Delivering these three elements of sustainable compliance can be made much easier through the use of technology designed to support data privacy. For example, automating data privacy policies and processes supports the business in its desire to both comply and engage with personal data ethically. Training and education can be delivered online, either through more formal training or via community participation. Privacy by design is best supported through technology, from automating data lineage to empowering people to find the data they need in a compliant way.
In short, a sustainable approach to complying with CCPA’s data privacy rules — which means being able to comply with future personal data regulations quickly and easily — will enable an organization to thrive. Reduced risk and enhanced opportunity to engage with personal data effectively are just two of the key benefits.