For companies still conducting business remotely, the days leading up to the July 1 enforcement date for the California Consumer Privacy Act (CCPA) will be busy -- putting in place essential elements to comply with the country’s most comprehensive privacy law and trying to anticipate amendments to come. We have written elsewhere about privacy data maps, typically manifest as tables detailing the information a company possesses and the path it travels through various systems before landing in its final storage location. But little attention has been paid to the data map’s counterpart: a company’s records retention schedule. While tools like a data map are important elements of successful CCPA compliance, an important preliminary step is to make sure your business has a strong foundation in place, including a functional records retention schedule.
The same angst many companies experienced as the effective date for the California Consumer Privacy Act (“CCPA”) approached is resurging again as they prepare for the July 1 enforcement date. The Office of the California Attorney General Xavier Becerra estimates that compliance with the CCPA could cost businesses as much as $16 billion over the next 10 years. The Act is intentionally vague when it comes to how companies should operationalize requirements described in the law, allowing businesses to account for their unique resources and limitations. Some organizations may be tempted to pause in their preparations while California awaits the fate of the proposed California Privacy Rights Act (“CPRA”). If the CPRA is ultimately included on the California November 2020 ballot, voters will likely support the expanded law, although it will not take effect until January 1, 2023. Regardless of what happens in November, it is important to focus on compliance with the existing law now. One...
More than ever, information governance is critical. With companies and organizations working to manage the economic fallout from the COVID-19 pandemic, information governance professionals are more essential than ever. While the pandemic is sweeping the country and world, information governance professionals have a responsibility to step up and provide leadership by helping their organizations avoid or mitigate some of the information governance challenges likely to arise from the pandemic.
Managing a records retention and disposition program is one of the chronic challenges for any organization in the information age. Businesses and government agencies of all sizes are seeking to implement or improve these programs due to increased risk of cybercrime and data breaches, the complexities of complying with a variety of data privacy laws and regulations worldwide that dictate how long personally identifiable data can be retained, and the desire to reduce their data footprint in order to cut back on their storage expenses however possible.
At this year’s annual ARMA Live! Conference in Anaheim, we conducted an informal survey of the 300+ visitors to our booth, asking a single question: “What is your greatest information governance challenge today?” We received a variety of responses including:
As law firms recognize the growing importance of an information governance (IG) strategy, they are beginning to think about how they can transform traditional records management (RM) staff into true IG professionals. This shift, which is driven by increasing regulatory demands and pressure from clients for stronger security, is making firms realize that IG requires a much broader set of skills than records management.
Over the course of this IG blog series, we have examined how the IG professional can align their IG program to directly support the mission and vision of their organization. Several case studies helped illustrate how this alignment allows the IG / RIM professional to contribute to the bottom line in meaningful ways. In this post, I am taking a deeper dive into a very specific challenge that most multinational organizations face today: compliance with the soon-to-be-effective GDPR imperative. During our annual roundtable events, we surveyed clients regarding their level of engagement with their organizations’ GDPR initiatives, and learned that a surprising 45% said they had minimal to no involvement at all.
In today’s world of never-ending data growth, privacy breaches and cyber-attacks, and growing legal and regulatory oversight, an IG professional’s job is challenging enough. But when an organization acquires or divests an entity or even a product line, the IG professional faces an additional set of challenges as new data may need to be integrated into systems and applications, existing data may need to be segregated and separated, and other data may require sharing or redacting.