eDiscovery Daily Blog

Another Sign That Companies Aren’t Ready for CCPA Yet: Data Privacy Trends

As we’ve reported several times (including just last week), the California Consumer Privacy Act (CCPA) is scheduled to go into effect on January 1 next year.  That’s only 42 days from now!  Here’s another sign that companies still aren’t ready for it yet.

As reported by Legaltech® News (CCPA Uncertainty May Put Cloud Agreements Up in the Air, written by Frank Ready), it appears that many businesses still have some prep work ahead of them when it comes to updating their cloud agreements.

That insight arrives courtesy of Baker McKenzie’s 2019 Cloud Survey, which garnered 190 responses from professionals across the globe working in roles that include legal, information security, sales, marketing, information technology, procurement and C-suite level.

While 80% of those respondents indicated they had amended cloud agreements as a result of the EU’s General Data Protection Regulation, only 26% had done the same for the CCPA. An additional 44% said “not yet” with regards to the CCPA, while 30% answered “no.”

Aren’t “not yet” and “no” the same thing?  ;o)

Anyway, part of the delay in amending cloud agreements for the CCPA may be attributable to the CCPA itself. Jarno Vanto, a partner at Crowell & Moring, pointed out that the final text of the privacy regulation won’t be solidified until December.

“So that’s made it somewhat challenging, for example, to come up with language for [cloud or other] agreements that will meet the CCPA requirements,” Vanto said.

However, time may be a luxury that organizations can’t afford. Christopher Ballod, a partner a Lewis Brisbois Bisgaard & Smith, said that by the time December rolls around, the process of ironing out all of the mechanics involved in a cloud agreement, including putting mechanisms in place to satisfy subject data requests, may be too much to accomplish before the CCPA’s implementation date.

While having previously undertaken a similar process to comply with the GDPR may provide impacted parties with a data map and a framework to start from, the CCPA adds a new wrinkle in the form of a private right of action that could find organizations and their cloud providers embroiled in a protracted game of hardball negotiations over where the burden of that liability falls.

While CCPA goes into effect January 1, enforcement isn’t expected to begin until July 2020.  That gives a little more time to become compliant, but that time can evaporate quickly.

So, what do you think?  Has your organization prepared for CCPA?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.