With a January 1, 2020 deadline looming, the CCPA can seem like an immediate compliance project. However, to take that approach would be to miss an important opportunity.
Organizations can develop an expensive patchwork of point solutions to manage data privacy. However, it makes much more sense to embrace CCPA through Data Intelligence, and to support that holistic approach with the right platform-based solution. Four best practices for organizations to consider when implementing CCPA compliance include:
- Prepare to comply with other, new data privacy laws. Although CCPA compliance is front-and-center at the moment, there are more data protection laws being developed in other states. Nevada has just passed its own data privacy law, which is effective October 1, 2019. Other states drafting rules include Washington, New York and Massachusetts. A draft data privacy law is also making its way through the US Congress at the federal level. All of these different sets of US data protection regulations – plus the growing number of international laws – can seem to add up to a complex and expensive compliance project. It’s key to embrace a compliance strategy that, once used to comply with one set of data privacy rules, can be easily leveraged to make compliance with new regulations simple and less resource intensive.
- Implement data privacy by design. Although “data privacy by design” is not called out in the same explicit way that it is in the EU’s GDPR, it’s difficult to comply with CCPA without taking a data privacy by design approach. Data privacy by design means baking in personal data protection to every new product, service or other initiative from the very beginning of its creation. It is a core element of any strong personal data protection approach.
- Deliver a great customer experience. Data privacy isn’t just about compliance – it’s also about competitive advantage. To succeed in today’s digital economy, organizations need to be trusted by their customers to securely handle their personal data and other sensitive information. This trust is the foundation of the customer relationship and maintaining customer loyalty. This is hard to deliver with a collection of compliance-focused point solutions. Organizations need a platform built with privacy by design principles at its heart – one that enables organizations to embrace the privacy by design approach to create great products and services that their customers trust.
- Track sensitive personal data across its entire lifecycle. It’s important to understand how the personal data you hold is created, who uses it, where it is located and how it’s used – in other words, its data lineage. Having this information is essential for engaging with technologies such as AI, ML, and IoT. With automated mapping of data to data categories, organizations can ensure sensitive data is effectively categorized and used for ongoing compliance.
While complying with CCPA, it makes sense to think more strategically about data privacy across the whole organization while laying a privacy platform foundation that will support other local, national and international regulations. Collibra Privacy & Risk can help. With a module specifically designed to enable compliance with the CCPA, Collibra Privacy & Risk provides out-of-the-box CCPA templates, workflows and assessments, as well as traceability diagrams and compliance progress dashboards. Organizations that used Collibra’s GDPR module are in a great position for CCPA compliance, and the broader Collibra Privacy & Risk product establishes a base from which to comply with future regulations.
With Collibra Privacy & Risk, organizations can track personal data, enable privacy by design frameworks, help deliver services that customers will trust and handle future regulatory changes with ease. For more information, visit Collibra for CCPA.