4 hours 41 minutes
Hello, everyone, and welcome to Module four of 10, as we discuss the notice and transparency obligations established by the CCPA.
A programming note for you. This is where we are in our course outline. We started the course by reviewing the history of the CCPA and why the law came into existence.
In Module two, we then transferred into discussing the scope of the law, the businesses that are subject to it, the geographic application of the CCPA and the definition of personal information.
Then, in Module three, we jumped into the actual privacy obligations that are established by the law.
The first thing we reviewed in Module three was the consumer rights.
In Module four, we will review the notice and transparency requirements established by the CCPA.
Let's jump right into it.
is to explain to the world how your business handles personal information.
When you think back to Module one and why the CCPA even came into existence, you understand very quickly why privacy policies are so important.
Because privacy advocates, the consuming public and anyone else just generally interested in how their information is handled is going to have no idea what recourse they have or how information is stored, how long it's saved, all those things, unless the business declares in some sort of public-facing way how that happens.
Now let's move on from the Golden Rules and discuss some helpful hints
at work. I probably come across this in some way once every other month or so.
It's quite embarrassing for the privacy professional at the business when they have to finally admit that they simply
If you are going, however, to need to start somewhere and you can't start from scratch, I do think that there is a happy medium
No, that is not me giving you a blessing to copy and paste what they put. But
it can be helpful as a useful starting line or guidepost to see how information is handled there,
and again with the main caveat:
making sure that it lines up with your data handling practices at your company.
What is rather reviewed and collectively drafted by several service lines.
It is normally driven by, I have to admit, some sort of legal counsel.
It could be your
There are also privacy advisors, including privacy consultants such as myself,
We might even take the lead in that
leverage that resource, if you have it
that truthfully is probably about a third of my life. It's dedicated to drafting privacy policies.
you must always, and this is something I make a point of doing,
get the buy-in from the key stakeholders at your company.
Your CISO, the chief information security officer,
Information security and privacy are the opposite sides of the same coin.
They both need to be involved in this public declaration of how information is handled.
It's going to be IT that has the most intimate knowledge of the network and archival procedures and data retention and data loss prevention protocols.
It's not just IT that needs to be involved.
Groups, including and especially marketing, your business operations. If you have a privacy department, obviously include them. Of course,
Previously, I stated that employee data is outside the scope of the CCPA.
And for now, it is,
though there are amendments that will likely change that in the future.
If your business has exposure to the GDPR or other privacy laws in the world, you absolutely need to include human resources.
In summary, in Lesson 4.1, we discussed why privacy policies exist.
They provide the consuming public and regulators a better understanding of your data handling practices at your business.
It is one of the main reasons why the CCPA also came into existence.
It is to inform the consuming public of how information is handled.
It's rather a collaborative effort.
I highly recommend including not just IT, but marketing and other service lines that frequently are called data stewards, who are responsible for handling information within the organization.
the first and foremost is making sure that it matches up with the real-world handling of information
We will now jump into Lesson 4.2, where we discuss the specific privacy obligations that the CCPA requires.
I'll see you in the next lesson.