Ed. Note: This is the fifth installment in a year-long series the WLF Legal Pulse is hosting of “frequently asked questions” on two California laws aimed at protecting the privacy of digital personal data. The author of the posts, David Zetoony of Greenberg Traurig LLP, authored a book on the laws for the American Bar Association from which this and future FAQs are excerpted. We thank the American Bar Association for granting us permission to share them with our readers.
Data privacy has become one of the greatest areas of risk and concern for business. It is also quickly becoming a heavily regulated field with the adoption in Europe of the General Data Protection Regulation (GDPR) in 2016 and the adoption in California of the California Consumer Privacy Act (CCPA) in 2018 and the California Privacy Rights Act (CPRA) in 2020. Some states, such as Colorado and Virginia, have already followed California in enacting data privacy regulation; many others are considering it.
The American Bar Association (ABA) recently published a Desk Reference Companion to the CCPA and the CPRA, a book authored by David Zetoony, the Co-Chair of the United States data privacy and security practice at Greenberg Traurig LLP. The book is designed to help in-house counsel understand the intricacies of California’s complex privacy regulations by providing answers to 516 of the most frequently asked questions from business. The following excerpt was reproduced with the permission of the ABA.
What types of compliance documents should businesses consider?
The written policies and procedures that businesses put into place to assist in their compliance with the CCPA differ depending upon several factors, including the size of the business, the quantity of personal information that it collects, its industry, what the business does with the information it collects, and with whom it shares information. That said, there are 13 functional compliance-related documents that most companies consider when trying to create processes and procedures that deal with the core requirements of the CCPA. The following chart “maps” the core substantive requirements of the CCPA, as amended by the CPRA, with those functional compliance-related documents. It is important to remember that some businesses will decide that they do not need each of these documents in order to comply with the CCPA; other businesses will decide that they need several more: