July 8, 2019
Similar to the EU’s General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”) grants consumers the right to submit an information request to (and obtain certain information from) businesses with respect to how those businesses collect, store, process, use and share the subject consumers’ personal information. Under the statute, in order to properly respond to CCPA-related consumer information requests, businesses must be prepared to provide a summation of all relevant consumer data collection/storage/use during the prior twelve (12) month period from the date of request.
Thus, while the CCPA is not due to go into effect until January 1, 2020, businesses should already be engaged in internal data mapping to ensure that they will be able to comply with consumer information requests, including where such requests apply to data collection/usage during the twelve (12) months prior to January 1, 2020.
Should I Begin Mapping My Business’s Internal Data Collection and Usage Activities?