Debbie Reynolds Consulting LLC

“Forget Me Not” Forgotten Data Privacy Deadlines are Bound to Impact Your Business

I get it! Your organization is busy looking ahead at the raft of new laws and regulations that are set to go into effect in 2023: January 1, 2023, for the California Privacy Rights Act (CPRA) and Virginia's Consumer Data Protection Act (CDPA); July 1, 2023, for the Colorado Privacy Act (CPA) and the Connecticut Data Privacy Act (CTDPA); and December 31, 2023, for the Utah Consumer Privacy Act (UCPA).

However, there is some unfinished business awaiting your organization with laws already in place that many need to be thinking about: the European Union (EU) Standard Contract Clauses (SCCs) deadline to fully implement the new clauses by December 27th, 2022; the California Consumer Privacy Act (CCPA) employee and business-to-business provisions, which go into effect on January 1, 2023; and the Gramm-Leach-Bliley Act Updated Safeguard Rule deadline of December 9, 2022.

“Forget Me Not” European Union (EU) Standard Contract Clauses (SCCs) - Update deadline December 27, 2022

When the new European Union (EU) Standard Contract Clauses (SCCs) were released in the summer of 2021, some companies with existing contracts in place breathed a sigh of relief, knowing that existing contracts did not need to be updated until December 27th, 2022. Now that this EU SCC deadline is near, many organizations may scramble to update contracts with third-party vendors and service providers before the deadline. Third parties should expect to see many new contracts or contract addendums related to these updated SCCs before the end of the year. If you are an organization that has not yet started updating your EU SCCs, now is the time to get started. For more information about this topic, please see the five-minute video called Debbie Reynolds “The Data Diva” Discusses Data Privacy and EU Standard Contract Clauses 2021.

“Forget Me Not” California’s California Consumer Privacy Act (CCPA) employee and business-to-business provisions go into effect on January 1, 2023.

Organizations that have to comply with California’s privacy laws, like CCPA, may feel very confident in their compliance posture. However, some organizations have been caught off guard by an employee data provision that was postponed when the CCPA went into effect. This long-postponed provision will go into full force on January 1, 2023. Many thanks to my friend Michael Simon, Lawyer, and Principal at Seventh Samurai, who says, “CA AB 1112, which would have extended the exemption in the CCPA for employment and B2B personal information past Jan. 1, 2023, has been voted down just as the CA legislative session ends ...The time to get ready is now because there will be HR docs and privacy notices for employees and job applicants (don't forget job applicants!) to get into place before January 1.” See Michael’s full post here.

“Forget Me Not” US Gramm-Leach-Bliley Act (GLBA) Amendments to the Safeguards Rule go into effect on December 9, 2022

Amended rules for how US financial institutions handle data security go into force on December 9, 2022. Here are a few notable things that organizations need to understand about their expanded obligations:

  • Expansion of the Definition of Financial Institution

  • Single Individual Responsible for the Information Security Program

  • More Specific Requirements for Risk Assessments

  • Specific Measures

  • Enhanced Security Training and Personnel Requirements

  • Oversight of Service Providers

  • Requirements for a Security Event

  • Clarification, Expansion, or Modernization of Other Data-Security Related Terms

If you need a five-minute recap of the topic, please view my video, Debbie Reynolds, “The Data Diva”, Discusses The Gramm-Leach-Bliley Act Updated Safeguard Rule 2022.

For a deeper dive into what is required, please see the FTC Safeguards Resource and Tandem Mapping to see the specific sections of the rule, which will go into effect in December.

It is good to remember and not forget these important issues to ensure that your organization can continue to make Data Privacy a Business Advantage.