At this point, the phrase “there’s an app for that” is almost definitely a cliché, but in the case of the many, many privacy regulations cropping up around the globe, it’s a cliché that happens to be true.
As luck would have it, the forthcoming California Consumer Privacy Act (CCPA) is both similar and just different enough from the General Data Protection Regulation (GDPR) to pose a whole new set of threats to companies dealing and consumer data, which means that you should expect to see a new slew of compliance tools on the horizon.
“I think that companies are trying to figure out, ‘Well, I can’t spend infinite dollars to address this issue. How do I take a finite budget and address these issues?’” said Tomu Johnson, an attorney with Parsons Behle & Latimer and CEO of its subsidiary, Parsons Behle Lab.
Johnson’s company created CCPA IQ, a compliance solution that echoes the similarly named GDPR IQ tool Parsons Behle Lab released early in that regulation’s lifespan. Think of it like any one of the dozens of iterations on Coca-Cola—the originally recipe tweaked as needed to achieve the desired flavor.
When it comes to a solution like CCPA IQ, that meant paring back on redundant elements such as privacy-by-design (which is exclusive to the GDPR) and building in more intelligence to address the increased specificity the CCPA requires companies to provide with regards to the information they’re collecting from consumers.
“We bolster up and add new logic and new questions in order to get at, what are the specific pieces of information that you are gathering from people? Bolster up some of the trade because there are specific trading requirements under the CCPA,” Johnson said.
Parsons Behle Lab isn’t the only provider looking to serve as an ice pack for compliance pain points. Earlier this week, TrustArc announced new features within its platform that were designed specifically in response to California’s incoming privacy regulations.
Dave Deasy, the company’s senior vice president of marketing, said TrustArc was able to gain tremendous leverage from their preexisting GDPR compliance products as they looked towards the CCPA. Especially useful were mechanisms that had been developed to create data inventories and flows, a necessary first step in the journey towards either CCPA or GDPR compliance.
He thinks the CCPA opens up a new market of potential customers that can be placed in to two buckets. In the first, there are institutions—banks, healthcare companies, utilities—that don’t maintain a significant presence in Europe and thus didn’t invest much in GDPR compliance.
“You have a whole wave of companies that are starting to deal with these very broad and complex complaints just for the first time,” Deasy said.
Other potential clients for CCPA compliance apps are companies who put off GDPR prep until the last minute and were forced to put a lot of the necessary framework into place manually in order to make the compliance date. Having learned a lesson the hard way the first time around, they may be more inclined to seek out a technological assist for the CCPA.
“You’re seeing companies kind of go back and look at things and say ‘OK, we did a lot of this manually the first time around. We really can’t afford to do it manually again,’” Deasy said.