However, between the often-vague language, multiple amendments and new regulations, compliance, it seemed, felt like something of a moving target.
But that’s where Loeb & Loeb came in.
First, we had to get up to speed—quickly and in real time—as the legislation was evolving. And at first, it seemed like there were more questions than answers.
Among other things, the CCPA introduced a new concept—the “sale” of data—that required companies to reevaluate uses of data that were often critical to the success of their business. There were also transparency obligations and consumer rights in the CCPA that meant companies had to take a closer look into how they collect, store and leverage data to their business advantage: How do you value consumer data? How can we continue to offer content or services for “free” in the face of an opt-out? How should we treat our partners? How does the corporation balance the legal requirements versus the public considerations of the general privacy outlook and overall ethos of the company?
We realized that, in a lot of ways, clients would have to build (or sometimes rebuild) their privacy practices from the ground up. Next, with our in-depth knowledge of the data-driven economy, we got to work helping clients figure out how to operationalize coherent privacy and data strategies against a backdrop of what felt like ever-changing requirements and interpretations.
Take our work for the U.S.’s leading health care companies and financial institutions. Clients in federally regulated industries face unique challenges when it comes to the CCPA. Does the CCPA even apply to them? We have had to adopt a thoughtful approach while taking into account these very difficult questions, identifying the universe of data and use cases through dozens of internal interviews, reviewing workflows, partnering with third-party providers subject to the CCPA, and structuring the privacy program to account for those distinctions.
For our clients in the advertising ecosystem, the CCPA represented an introduction of regulation where formal regulation did not previously exist. Companies with complicated data flows and relationships turned to us to reexamine their data sharing practices, putting both new contractual obligations and auditing processes in place as well as implementing technical updates to help honor consumer rights.
And these were just a few of the types of clients we helped, and continue to help each day.
With the CCPA, the California Consumer Privacy Rights Act and similar sweeping privacy laws under consideration by many other states, it feels like the gray area in privacy law is just getting larger. But no matter what, we’re always going to have our finger on the pulse of regulatory changes shaping the data-driven economy.