CCPA Preparation

There’s an old Ron White joke about a small airport also being the tire repair center and hair salon. I thought about that when I saw a law firm became a software developer. I don’t know what other enterprise might make a fun trio of businesses, but perhaps a sunglasses shop? Divorces, software, and a new look?

The CCPA (California Consumer Privacy Act). takes effect in less than a year. This is a law based on the GDPR, and the first strong attempt to regulate data in the United States. I think it’s a good move, though I’m sure large corporations like Google and Facebook will fight it and find exceptions that allow them to play fast and loose with information about many of us humans. I also think, like the GDPR, this will force many smaller companies to better secure, manage, and handle the data they process about companies. I wouldn’t surprise if this also brings about quite a bit of work for consultants and software vendors that help others better classify, protect, and manage their data.

A new product released by a law firm is designed to help other organizations in a number of ways, based on the knowledge and experiences of the lawyers that have worked in privacy law and compliance for years. They spun off a software development company who built an application that assists with four areas that organizations struggle with: compliance with consumer requests, mapping information flow, generating policy documents, and training employees.

I’ve worked in a few companies that needed to do most of those things to comply with some standard or regulation. It’s not a difficult task, but it is complex, it’s hard to stay organized, and it’s hard to ensure that everyone understands how the new processes work. While an Excel spreadsheet can track everything you need, once you get beyond a trivial number of employees and systems, the entire system becomes unworkable.

Instead, some organized system needs to be in place that helps keep all your employees coordinated. I don’t necessarily recommend buying software over building it in many situations, but here I would. There are lots of moving parts when trying to organize your data practices, lots of legal rules that you have to understand, and software is likely much cheaper than legal advice. Your employees will need to learn how to use new software, buy into new processes, and alter workflows, but capturing and documentation is the first step. Once you start to have a handle on what information you store, you can then decide what to do with the data.

Steve Jones

Listen to the podcast at Libsyn

About way0utwest

Editor, SQLServerCentral
This entry was posted in Editorial and tagged . Bookmark the permalink.