- July 29, 2020
- Posted by: Chad Gniffke
- Category: Compliance
Government regulations placed on companies have never been more robust. Privacy laws like the GDPR (General Data Protection Regulation) in Europe, and similar laws being passed in California, have local companies scrambling to figure out what they need to do to remain compliant with these new restrictions and regulations. Many business owners hope that if they ignore it, it might go away, or they may never have to deal with a compliance issue.
Perhaps the industry your business is in has never really had a compliance burden in the past. Unfortunately, the days of pretending you didn’t know there was a burden or sticking your head in the sand are gone. Compliance and privacy regulations now affect all business types and industries, especially in places like Orange County, California. The State of California recently placed into law the CCPA (California Consumer Privacy Act). Businesses in California must remain compliant with these rules and regulations regardless of their size or industry.
Business owners must take action to ensure they are compliant with these regulations before it becomes a serious issue. During a lawsuit is not the time to say you didn’t know what you needed to do to remain compliant. Taking a proactive stance can help protect your company from the negative effects of non-compliance.
The privacy regulations from CCPA define personal information as “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with a particular consumer or household such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.”
Companies can be proactive about protecting this personal information by:
Determining your compliance burden
The first step is to make sure you understand exactly what compliance regulations you are required to follow. The evolving landscape of data privacy regulations, and a steady drumbeat of headlines about breaches and security incidents, is a top concern of executives. Since the implementation of the EU’s General Data Protection Regulation (GDPR), a patchwork of even more data privacy regulations has passed across the world and in the United States. California’s Consumer Privacy Act (CCPA), modeled on GDPR, took effect in January 2020. At least 13 other states have passed similar laws impacting nearly 40% of the U.S. population, according to Gartner. By 2023, Gartner says privacy regulations will cover 65% of the world population.
It is important to understand exactly where your burden lies. Playing ignorant is not going to work in court. There has been plenty of notice given, and using the “I didn’t know better” card might work with your parents, but it is not going to convince a judge. You will be held liable.
Designing your compliance solution
Once you understand the compliance burden placed on your company, you will be able to design a solution that will satisfy the requirements. Most solutions will need to spell out where personal information is stored, and how it can be easily removed when requested. Any and all communication generally needs to be included in the solution, which makes communication archiving especially important.
Additionally, you may need to install or utilize other tools in order to keep personal information safe and secure. Companies must ensure document compliance with tools to set specific retention rights and create granular policies for determining what data to archive and for how long. Flexibility is important. Gone is the once-and-done compliance of determining exactly what to cover and designing exactly how to cover it. Today’s compliance processes are continuous, and teams must change them practically on the fly.
Deploying your compliance solution
Once you determine the tools necessary, it is time to purchase and install them. Many tools offer “low-touch” administration, which makes them very easy to manage once deployed. The last thing a business owner wants to do is babysit these compliance tools, or worse, have to hire another employee just to manage them. Your solution should be simple to deploy and require very little management on the back end. In an ideal world you wouldn’t even know it was running until you needed to use it.
Once implemented, search capabilities become critically important. When a legal department is notified of litigation, it conducts an early case assessment in-house to identify relevant communications. Often, an outside third party is hired to perform a legal review, determining what data might be relevant so the company can make sure the information is retained and preserved under a financial reporting process known as FRCP. This review process can cost hundreds of thousands of dollars. With powerful and flexible search capabilities in your archive, you can conduct preliminary searches and outsource less of the review, reducing costs.
We have partnered with AppRiver to offer unified information archiving with no import and export data costs. This solution features a simple but powerful interface that helps you deploy quickly, reduces the burden on end-users, and integrates with your existing environment. It’s cloud-native and exhibits an unusually quick time-to-value.
To find out more about our compliance solutions, be sure to sign up for our webinar by clicking the registration button in the orange bar below!