Are you preparing for 2023’s new data privacy requirements?
New privacy legislation in California, Colorado, Connecticut, Utah, and Virginia is coming and it’s going to impact – perhaps significantly! – how you process, store, and share consumer data. Depending on where your organization stands now, you may have a lot of work on your plate.
Not sure where to start?
Check out the steps you can start taking now and continue with throughout the year to ensure your organization and employees are ready.
Q1: Gather the facts
Gather the facts and get educated. Work with experienced counsel to understand what these new laws will require and how you stack up now. You’ll need to work with your IT folks, relevant departments and business units, and your vendors to evaluate the data you are collecting, how it’s being used and by whom, who it’s being disclosed to and why. How will these new laws impact your policies and processes?
Q2: Start filling in the gaps
Where is your organization falling short in meeting the new requirements? Continue working with counsel to identify your specific legal obligations and how these translate into needed changes to your policies and procedures. For example, the new laws will give consumers new rights to correction. How are you currently providing this option? If so, how are you communicating it to your consumers and in what timeframe?
Q3: Put it to the test
This is the time to put those new and updated policies and procedures to the test. Start setting up and testing needed operational changes in a protected way to uncover the hiccups. Where is communication falling short between business units? Can your technology handle these updates? What employee training will be needed?
Q4: Refine and implement
Address the problems that were identified in Q3 and get ready to go live. Fix the things that aren’t working as expected and start to build in efficiencies where they are. Your vendors and other partners will need to be brought into compliance as well so don’t forget to review their contracts against the new requirements.
December 31, 2022: Raise a glass
Be sure to raise a glass of your desired beverage and toast your organization’s initiative as you ring in the new year and bask in your preparation and compliance. Try not to gloat with those who have waited until the last minute. They may be feeling a bit….vulnerable.
* Updated November 14, 2022
A Partner at M&S, Josh advises clients on a range of proactive and responsive matters, helping them achieve their business goals while complying with federal and state privacy and other consumer protection laws.