July 3, 2019
The California Consumer Privacy Act of 2018 (CCPA) is a sweeping change to existing privacy laws in the United States as it gives consumers broad rights to access and control their personal information. These rights include the consumer’s ability to control how their information is collected, used, sold, and disclosed.
In order to be in compliance with the CCPA, businesses and organizations must know what personal information they collect from consumers, how that information is shared, with whom it is shared, and they must be able to promptly disclose this information to the consumer when requested. The duties placed on businesses under the CCPA create questions about how these organizations will be able to comply with the new privacy requirements.
CCPA auditors, like auditors in other industries, will generally have ample experience in working with other organizations as they perform data privacy audits to ensure compliance with the CCPA and other privacy laws. As a result, CCPA auditors can utilize their experiences with other companies to inform their efforts as they assist businesses in complying with the new CCPA requirements. This experience can help guide a CCPA audit to ensure that a business:
- is aware of what personal information is being collected by the organization;
- understands the scope of the information collected, how it is used, if it is sold, and how it is shared;
- reviews and updates policies and procedures about the scope and purpose of the collection of personal information;
- updates the internal and online privacy policies to comply with the disclosure requirements of the CCPA;
- has proper policies and procedures in place to promptly respond to consumer requests to access or delete their personal information, as well as to respond to requests for information relating to the sale or disclosure of the consumer’s information;
- implements appropriate technological solutions that will categorize and map the consumer’s personal information in a way that will allow the organization to accurately respond to consumer requests, including requests for a consumer to opt-out of the sale of their personal information;
- develops a proper training program and adequately trains the people in the organization about handling personal information, especially personnel responsible for handling inquiries about consumer personal information;
- reviews contracts with third parties and service providers that personal information is provided to by the business;
- has appropriate risk management policies and procedures for third parties that have access to consumer personal information provided by the business; and
- conducts data privacy audits on service providers who have access to consumer personal information to ensure compliance with the CCPA.
Compliance with the CCPA is going to require organizations to perform a thorough review of its policies on how it handles and uses consumer personal information. This process may be complex and unfamiliar to many organizations but compliance will still be required as organizations are exposed to civil liability from consumers and fines from state regulators. Relying on the data privacy audit experience of auditors can minimize the risk of non-compliance to the organization and can ensure that the company is ready to respond to consumer requests by January 1, 2020. Companies can also do internal checks as they go through the steps of creating CCPA-required documentation and data mapping.
Click here to see how SixFifty can help your company fulfill its CCPA compliance obligations.
***DISCLAIMER: This publication has been prepared by SixFifty, LLC to provide information of interest to our readers regarding the California Consumer Privacy Act. It is not intended to provide legal advice for a specific situation or to create an attorney-client relationship. SixFifty, LLC does not provide legal advice.***
Written by Marie Kulbeth
Marie Kulbeth is a Co-Founder and General Counsel of SixFifty, and the co-director of BYU LawX, a legal design lab dedicated to solving access to justice problems. She works to make the law straightforward for everyone, regardless of education level or income. Marie keeps her passion for equitable, accessible legal services at the forefront of her career. Her role as...
Full Bio and other articles by Marie Kulbeth
About The Author: Marie Kulbeth
Marie Kulbeth is a Co-Founder and General Counsel of SixFifty, and the co-director of BYU LawX, a legal design lab dedicated to solving access to justice problems. She works to make the law straightforward for everyone, regardless of education level or income.
Marie keeps her passion for equitable, accessible legal services at the forefront of her career. Her role as General Counsel allows her to field-test SixFifty’s products to ensure they’ll work for customers.
Education and Experience
Marie attended Brigham Young University, and spent most of her undergrad studying International Politics and Development. It was during a field study in South Africa that she first decided to become a lawyer. As she researched the new South African constitution and worked with community organizers, Marie became fascinated with the development of the rule of law and how it in turn fosters economic development.
After undergrad, she attended BYU Law, where she continued focusing on improving equity, specifically through access to justice. She spent time interning with a nonprofit at the Human Rights Council in Geneva and with the United Nations International Tribunal for the Rwandan Genocide. At home, she interned with Catholic Charities, focusing on supporting asylum cases. Marie’s work with communities and governments across the globe broadened her understanding of how the law can either uplift or further harm underserved populations.
After law school, Marie worked as a judicial law clerk for the US Fifth Circuit Court of Appeals. She then practiced commercial litigation in Salt Lake City before returning to BYU Law, where she became an Assistant Dean. During her time at BYU Law, Marie built a diversity recruiting program and a storytelling program. Although she has left academia, she continues to keep a hand in by teaching a legal design class at BYU Law School and an undergraduate international politics class that focuses on development and diplomacy at BYU’s Kennedy Center. Both courses help students increase their community engagement and use their skills to create change.
Achievements with SixFifty
Marie’s work with both SixFifty and LawX focuses on making the law less complicated and
more equitable for both companies and individuals.
Marie’s legal specialty is privacy. She has additional focus areas in legal technology; diversity, equity and inclusion; employment; and compliance. She enjoys the opportunity to build products with the legal product team, including pro bono products. This allows her to work with communities she cares about – and complements the work she continues to do at BYU.
With Marie’s guidance and experience, SixFifty is able to offer privacy products that allow even small companies to easily comply with global privacy restrictions. Her passion for making the law accessible to everyone is evident in our pro bono products, which help individuals access free legal help for common issues.
Get to Know Marie
When she’s not helping to advance SixFifty’s mission, Marie travels whenever she can. Keep your eyes open and you may find her anywhere in the world – one of her favorite trips was a seven-day motorbike tour of northern Thailand. She especially loves to canyoneer in southern Utah and explore wilderness areas.
Marie also continues her community development and education work. She is on the board of several nonprofits, including one that runs primary schools in South Sudan and the Utah Tribal Relief Foundation. She recently joined the board of the Mountainland Association of Governments, which focuses on making loans to entrepreneurs from underserved communities who lack access to traditional funding. She’s also a Model UN legend! She is the Executive Director of BYUMUN, Utah’s premier high school Model United Nations learning conference.
Marie loves podcasts and will nerd out on anything related to the law, the history of the English language, and anything done by the people at Radiolab.
Bar Licensed
Utah
More posts by Marie Kulbeth