With last week’s passage of the California Privacy Rights Act of 2020 (CPRA), corporate legal departments are most likely rolling their sleeves back up to revisit existing compliance policies and procedures. But while law firms have often proven a valuable resource to general counsel attempting to stay abreast of changes in an increasingly complicated privacy landscape, it’s looking like some companies are mulling the possibility of bringing that kind of help onto the staff payroll.

To be sure, while corporate legal departments have been taking on a larger role in managing their organization’s cybersecurity and privacy posture, they have still largely relied on outside counsel to help navigate regulations and review internal policies. And the CPRA does raise the stakes for business by introducing, among other things, a standalone data privacy authority (DPA) to enforce compliance.