The new California Consumer Privacy Act (CCPA) is shaping up to be the toughest privacy law in the U.S. Nymity’s Chief Global Privacy Strategist, Teresa Troester-Falk, discusses what organizations need to do to adapt to the changing U.S. privacy law landscape.
Would you find it surprising that almost half of privacy officers consider building a privacy program as their top priority? Perhaps one would expect that privacy programs would have been built in the run-up to the GDPR compliance deadline (May 25, 2018). In our view, this is an indication that companies may be treating compliance as a tactical “checklist” project and are now struggling with how to handle the multitude of privacy laws that just keep coming.
The Need for Timely Compliance
If reporting on the status of your data privacy compliance has not yet become a focus or priority for your board, it soon will be. Corporations and, in particular, corporate directors have a number of responsibilities and liabilities as part of their compliance and oversight obligations. Privacy is becoming an increasingly important topic at the board table and shareholders are also holding their boards accountable. Just last year, a shareholder suit was launched against a U.S. public company and some of its officers and directors for allegedly making false and misleading statements to investors about the impact of privacy regulations and the third-party business partners’ privacy policies on the company’s revenue and earnings. While we expect GDPR compliance to remain high on the radar of corporate boards, focus will expand as organizations turn their attention to the United States with the passing of state-level privacy legislation in California and Nevada, as well as numerous other states with legislation in flight.
Source: DRJ New feed