TO CALIFORNIA CONSUMER PRIVACY ACT (CCPA) FOR RETAILERS
BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK
company limited by guarantee, and forms part of the international BDO network of independent member firms.
With you today
• New privacy and data protection laws and regulations (with teeth) are being drafted and taking effect in the US, EU and across the world
• Data breaches & hacks lead to adverse media attention, business disruption, customer trust erosion, goodwill and reputation loss, criminal and civil penalties and costs, complaints and lawsuits and loss of revenues
• Implementations of AI, Blockchain, Robotic Process Automation, Internet of Things etc. are bringing about new and different uses of personal data and privacy concerns
Source: https://www.sas.com/content/dam/SAS/documents/infographics/2018/en-data-privacy-109964.pdf
PRIVATE RIGHT OF ACTION AND PER CAPITA FINES UP TO $750 PER RECORD
[Figure: roadmap in eight phases, numbered 0 to 7. Activities named on the slide, from first phase to last:]
• Understand current and future regulatory obligations
• Evaluate current state security portfolio
• Assess, develop strategy, define in-scope processes and data
• Evaluate incentive plans for sale of PI
• Security roadmap
• Third-party assessments, PIA’s, DPIA’s (as needed)
• Inventory and map data / personal information
• Categorize consumer self-service program
• Develop consumer response center ops plans
• Build privacy-by-design practices
• Renegotiate vendor agreements
• Implement self-service model
• Finalize & roll-out
• Roll-out consumer response center (as needed)
• Implement overall program and expand into an enterprise privacy governance program
• Iterate, govern and improve
UNDERSTAND THE OVERLAP OF PRIVACY REGULATIONS
DATA MINIMIZATION
ORGANIZATIONS REQUIRED TO COMPLY WITH CCPA
• Loss of Consumer Trust: Consumers impacted by a violation of CCPA may lose trust and confidence in the organization’s ability to safeguard personal information.
• Reputational Harm: Negative coverage in the media may impact a current or potential patient’s impression of the organization.
• Course Correction and Taking Action: Lack of a fully implemented privacy and security program may result in corrective action. Human and financial resources will be needed to correct existing issues.
• Legal Proceedings: Incidents and/or breaches of personal information may result in lawsuits and other legal proceedings in addition to the actions of the CA AG.
• Evaluate data governance and privacy maturity
• Consider your online presence and related policies
• Create a data inventory
• Adopt a framework (GAPP, Privacy Shield, ISO, ISACA or other) and organize the privacy program