Printed from BusinessInsurance.com

RIMS urges risk managers to address California privacy law

Posted On: Dec. 6, 2018 12:58 PM CST

Data privacy

Risk managers should start internal discussions with key stakeholders about implementing the California Consumer Privacy Act of 2018 and the impact it may have on their business operations, says a report issued by the Risk & Insurance Management Society Inc. on Thursday.

The legislation, which was signed into law by Gov. Jerry Brown in June, becomes effective Jan. 1, 2020, and is similar in some respects to the European Union’s General Data Protection Regulation. 

The RIMS report describes the businesses covered by the CCPA; its key obligations; how personal information is defined under the legislation; the rights provided to California consumers under the law; and how it compares with the GDPR.

It was written by RIMS external affairs committee member Teri Cotton Santos, who is global chief compliance and risk officer and general counsel with Chicago-based Hoffman-Barnes Risk Management Consulting Co.

“Stakeholders should consider the impact of the legislation on current and future business models, specifically those that rely on the sale of consumer data,” says the report.

“Stakeholders should also consider whether key operational changes needed to comply with CCPA can be implemented only in the portion of the business that touches California consumers, or whether the implementation should be across a larger part of the organization, recognizing that other states could implement laws similar to the CCPA in the future,” says the report.

Among other advice provided, the report says companies should conduct an analysis of the consumer data they hold. They should also develop requirements and documents unique to their business and a gap analysis to determine where operational controls may be needed.