Recently, we have seen a remarkably fast uptake in law firms’ adoption of Microsoft Teams as their preferred collaboration platform. In fact, it is not a stretch to predict that it is no longer a matter of if law firms will implement Teams, but when they will do so. And while there has been a lot of messaging around implementing and using Teams in the legal industry, there has been nothing about the real work that is required for governance and compliance. Implementing, provisioning and managing Microsoft Teams is only part of what needs to be done. Teams is complex and, as a preliminary step, it is important for law firms to develop the appropriate policies, procedures and controls within Microsoft Office 365 to ensure they are ready for a secure and compliant Teams roll-out.
For companies still conducting business remotely, the days leading up to the July 1 enforcement date for the California Consumer Privacy Act (CCPA) will be busy -- putting in place essential elements to comply with the country’s most comprehensive privacy law and trying to anticipate amendments to come. We have written elsewhere about privacy data maps, typically manifest as tables detailing the information a company possesses and the path it travels through various systems before landing in its final storage location. But little attention has been paid to the data map’s counterpart: a company’s records retention schedule. While tools like a data map are important elements of successful CCPA compliance, an important preliminary step is to make sure your business has a strong foundation in place, including a functional records retention schedule.
The same angst many companies experienced as the effective date for the California Consumer Privacy Act (“CCPA”) approached is resurging again as they prepare for the July 1 enforcement date. The Office of the California Attorney General Xavier Becerra estimates that compliance with the CCPA could cost businesses as much as $16 billion over the next 10 years. The Act is intentionally vague when it comes to how companies should operationalize requirements described in the law, allowing businesses to account for their unique resources and limitations. Some organizations may be tempted to pause in their preparations while California awaits the fate of the proposed California Privacy Rights Act (“CPRA”). If the CPRA is ultimately included on the California November 2020 ballot, voters will likely support the expanded law, although it will not take effect until January 1, 2023. Regardless of what happens in November, it is important to focus on compliance with the existing law now. One of...