Cylynt Summit Speaker Highlight #2
This blog is part of our ongoing series highlighting the work of anti-piracy and cyber security experts who will be presenting at our upcoming 2019 Cylynt Software Anti-Piracy and License Compliance Summit. John B. Kennedy, a partner at the law firm of Wiggin and Dana and an expert on new regulatory schemes such as the European Union (EU) General Data Protection Regulation (GDPR) and California Consumer Protection Act (CCPA), will be presenting, “Get Ready for the California Consumer Privacy Act (CCPA) (or GDPR Meets Another Four-Letter Word).”
The following excerpt is from an article Kennedy wrote for CPO Magazine when the CCPA was enacted last year, “Emerging Tech Companies: It’s Not Your Uncle’s Dot.Com Regulatory Environment Anymore for Privacy and Data Security.” This article is an excellent resource for companies trying to get ready for the CCPA and also provides a useful bibliography of additional resources.
New Data Privacy Laws
Three new laws in the U.S. and EU indicate a shift in public sentiment about data privacy: the New York State Department of Financial Services 23 NYCCR 500 Cybersecurity Requirements for Financial Services Companies, the May 2018 EU GDPR, and the June 2018 CCPA, the most sweeping U.S. state consumer data privacy law to date.
Questions to Consider for CCPA Compliance
The CCPA will be a huge challenge for many California startups who have little or no budget for data privacy compliance. Kennedy offers seven basic questions that startups should consider as they plan for how the gathering of personal data will figure into their operations and provides advice that could help save many compliance problems down the road. The questions are:
Does the business model include a data strategy that takes account of privacy and security?
What is the privacy compliance and liability risk profile of the company’s data strategy?
Is there a baseline set of agreed principles and practices – the company’s ground rules – for addressing consumer privacy?
Are the privacy principles and related data practices communicated simply, accurate and transparently?
Has the company assessed its particular security risk profile and implemented a written security policy based on that profile?
Has the company committed resources and documented the procedures that enable it to enforce and be accountable for these privacy and security policies?
Are the company’s privacy and security policies applied to its third-party relationships?
Clarify Your Personal Data Strategy Now
Kennedy wraps up his article with a warning that regulations for data privacy are going to become more complex in the future than for the previous generation of startups. Time spent today in clarifying a personal data strategy will pay off by saving time that would be needed for strategy rework in the future when the startup is a public company with billions of customers. Read the entire article>>
2019 Cylynt Anti-Piracy and License Compliance Summit
Interested in this topic and others on anti-piracy and cybersecurity? Learn more about the 2019 Cylynt Software Anti-Piracy and License Compliance Summit.