Extract from Jennifer Bantelman’s article “Staying on Top of Data Privacy Litigation Trends”
Things can move pretty quickly when it comes to data privacy rights. In the last couple years, the California Privacy Rights Act (CPRA) expanded on the California Consumer Privacy Act’s (CCPA) provisions and created a new state agency to oversee privacy. Moreover, this is just one of dozens of privacy laws and regulations that have been passed across the US and around the world. Some of these cover states or even individual cities while others apply to specific industries like healthcare. Then there is Europe’s General Data Protection Regulation (GDPR) that affects any company doing business there. Nothing is standard. It’s enough to make your head spin!
How to Reassess Your Data Privacy Process
No matter where you are in your ediscovery process, it’s always worth taking another look at the data-privacy landscape, assessing your organization’s responsibilities, and forming a plan of action.
- Understand your responsibilities. This is common sense but necessary to understand the implications for your organization. Regardless of where you are headquartered, do you do business in a jurisdiction or industry covered by a privacy law? Do you have customers in such jurisdictions? Are you growing and expanding into new markets? There is a lot of nuance in terms of who the laws apply to and what the scope of regulation is. For instance, companies below a certain size may be exempt from some provisions. Start to understand what you need to do to comply by the time regulation takes effect.