4 Compliance Pitfalls for CCPA

Companies have only eight months to comply with the CCPA. Compliance efforts will never be sufficient or defensible for companies relying on manual approaches, empty-shell software, or limited technologies. Legal and IT teams must take great care to focus their efforts on approaches that are agile and iterative and that provide the highest level of diligence necessary to protect the company’s legal and financial position. Common approaches fall short in critical areas of compliance.

  • In-House Efforts. The resources (human and financial) and business disruption involved in in-house efforts to assess regulatory compliance, along with the lack of repeatability, make this solution both expensive and ineffective.

It's important to recognize that effective data mappings are not static – they must evolve with the organizations they support. - Hogan Lovells

  • Traditional Consulting. Traditional consulting methods fail to collect key data points and develop insights necessary to ensure defensible compliance. Most consulting firms do not profile specific data elements, location of data or the context in which information is collected (i.e., record types). While this approach may check a regulatory box, companies are left with complex, static spreadsheets or Visio diagrams that are not sustainable for ongoing compliance with ever-changing regulations.

  • Empty-Shell Software. Privacy software with DIY survey tools lacks the necessary experience, support and structure that are essential for effective compliance. Having the right tools doesn’t necessarily mean you’re using them properly or demonstrating defensible compliance.

Toothless trainings, audits, and paper trails, among other symbols, are being confused for actual adherence to privacy law, which has the effect of undermining the promise of greater privacy protection for consumers. - Washington University Law Review

  • Technology Scanning Tools. The definition of personal information under the CCPA and GDPR is broad and includes ambiguous elements such as attitudes, preferences, trends and religious beliefs that technology can’t find. Scanning technologies take months to implement and miss personal information at third-party service providers and off-network data sources that don’t leave a digital signature.

“Laws like the European Union's GDPR or California's state privacy rules are failing to deliver on their promised protections partly because of the "booming market" in tech vendors hawking privacy compliance tools.” – US legal eagle: Well done, you bought privacy compliance tools. Doesn't mean you comply with anything

Jordan Lawrence offers defensible CCPA compliance services. We take a professional services approach that leverages best practices, deep domain knowledge and predictable, defensible results to help you meet your obligations in less than 45 days.


© 2019 Jordan Lawrence. No legal representation made.

Jordan Lawrence is not a law firm and does not provide legal advice.