Privacy regulations have a huge impact on an organization’s discovery processes. Organizations have to assess potential conflicts that arise from how they use customer data in the age of the GDPR and upcoming California Consumer Privacy Act (CCPA).
With the CCPA that will come into effect on January 1, 2020, the GDPR has effectively come to the United States. The CCPA is the next step in the ever-changing landscape of tactics to protect consumer data. This new privacy law gives consumers more protection and understanding of how their data is being collected and used, which ultimately gives them control of their data.
In the upcoming webinar “eDiscovery under the CCPA” Malia Rogers, David Stauss and Bob Bowman from law firm Husch Blackwell guide you through the most important aspects of the CCPA. They will provide insight in the key elements of the CCPA and explain the main similarities and differences between the CCPA and GDPR.
The takeaways from this webinar will be a good starting point to prepare for the impact this comprehensive consumer privacy law and related privacy regulations can have on the eDiscovery practices of your organization. Some important reasons to prepare are outlined below.
Know where your data is
To be compliant with privacy regulations, an organization should always be able to identify exactly where data is stored. It does not matter whether that data is in its own data centers, in the cloud or with a third party: if you collect and store personal data, you are responsible for that data at all times.
Be prepared for access and deletion requests
The implementation of strict privacy regulations like the GDPR and CCPA add a very important driver for eDiscovery. Under these regulations, consumers, citizen and even former employees can execute their right to access that data at all times. And they can further follow-up with a request to delete that information.
Whether it is called the “Right of Access” (GDPR) / “Right to Know” (CCPA) or the “Right to be forgotten” (GDPR) / “Right to Delete” (CCPA), you need to be able to show what data you hold on the requester and also need to be able to demonstrate that you can remove that data, if requested. And typically within very tight deadlines.
These new rights out-date the perception that you only need eDiscovery in cases of litigation. All companies that store personal information need to have a combination of data classification and eDiscovery in place to comply with these kinds of requests.
The need to use eDiscovery technology
Using technology proactively helps you prepare for the implications of privacy regulations and leads to better, faster, more efficient and less disruptive handling of GDPR or CCPA access requests. eDiscovery technology supports you to:
- Locate relevant data and redact all personal information related to other individuals mentioned in the same content;
- Collect information directly from the relevant sources (Microsoft Office 365, email boxes, file shares, libraries in SharePoint);
- De-duplicate the information: up to 80% of all documents are duplicates, eliminating those automatically saves a huge amount of work;
- Automatically unpack containers of files (ZIP, PST, NSF) and make every individual component searchable;
- Enrich non-searchable data such as images, scanned files, non-searchable PDFs or media files so every component can truly be searched;
- Analyze, classify and organize information for fast review;
- Use auto-redaction to anonymize or pseudonymize personal and confidential information;
- Automatically convert all electronic file formats to one common format and burn in redactions.
Do not forget to join the upcoming webinar “eDiscovery under the CCPA” or contact us for more information, a demo or a free trial of our solution.