Last week, Utah ratified the Utah Consumer Privacy Act (UCPA), joining California, Virginia, and Colorado to become the fourth state to jump on the consumer data privacy bandwagon. As more and more states enter the fray with consumer data privacy regulations, and regulation is contemplated at the federal level, business leaders need to consider the impact these regulations may have on their businesses.
Danny Omiliak, Privacy Lead at W. Capra Consulting Group, weighs in: “If you’re already compliant with the California laws, adding Utah on to your current consumer data privacy effort won’t be a major lift. On the other hand, if you’re just starting your journey to compliance with these regulations, the addition of this new state increases your risk profile related to privacy and potential work effort.”
While the law is often clear, the effort needed to bring an organization into compliance can be difficult to define. Many organizations lack the functional knowledge about data privacy and visibility into their own data collection practices to effectively tackle consumer privacy. In some cases, a data mapping exercise coupled with a third-party vendor assessment can be enough to uncover the detail needed to map the flow of consumer data into and out of a business. In others, fundamental change may be needed to accommodate data privacy regulations.
But even with a deep understanding of a business’s consumer data, building out business processes to handle these requests can be fraught with difficulty. “Understanding your data is one thing,” Omiliak continues. “Processing requests efficiently within the timeline outlined in the laws is its own unique challenge.” Each of these requests runs a company around $1,400 on average, particularly when they’re completed manually, and 66% of respondents to a Gartner survey said that processing data privacy requests takes them two weeks or more, bumping up against the legally mandated 45-day SLAs.
In recognition of the challenges that accompany compliance with data privacy regulations, many data privacy vendors have emerged on the market. These vendors offer services including automated data mapping, workflow tools to process data privacy requests, pre-built cookie notices, and customizable privacy templates. These tools can help fill the gaps in your privacy compliance effort and reduce costs through automation of business processes.
However, without a thorough understanding of what your business needs to reach compliance, it can be difficult to determine which provider satisfies your business’s unique needs. It can help to bring in a trusted third-party to provide a thorough analysis of your current privacy compliance stature and help you define and implement your privacy strategy to ease the burden of compliance. Omiliak says, “I recommend looking for a trusted partner that combines security with privacy to give you a holistic data strategy.” W. Capra’s historical focus on security and our burgeoning privacy practice positions us well to assist clients with privacy compliance. For further discussion on consumer data privacy laws and compliance efforts, contact Danny at [email protected].