Many general counsels may consider CCPA compliance to be just another box checking exercise to get through as quickly as possible and move on from. Blue Umbrella's CEO, Allan Matheson, sees it as an important opportunity to create a system of controls over third-party risk areas and strengthen compliance programs overall. He recently contributed an article to Corporate Counsel magazine, where he noted:
"The CCPA—which came into effect earlier this year and becomes enforceable for many companies this month—is going to bring new scrutiny on how these third parties use any customer data to which they may have access. To get fully compliant, you’ll need a system of controls that gives you visibility over your data held by suppliers and other partners so you can make sure it’s properly protected and can be scrubbed when necessary.
But if you’re rolling out data privacy controls over your third-party universe, you can also take the opportunity to review and implement controls in other crucial compliance areas such as IT security and anti-bribery as well.
Rolling out two or three types of controls at the same time makes the CCPA process more efficient and powerful, building a structure that addresses regulatory and reputational risks across the board. The process of mapping your data and partners to understand where the CCPA risks are is extensible to other risk categories. From the third parties’ point of view, it’s less work and hassle to respond to questions across several new control efforts at once rather than having to deal with repeated approaches over different years."
In short, by using CCPA as a catalyst to undergo a complete, 360-degree review of third-party risk areas (also including anti-bribery and corruption, IT security and more), general counsels can lead companies toward a holistic risk management approach that will ensure a much healthier future. It just so happens that Blue Umbrella GRC can help you roll out a third-party compliance program! Curious to see what our technology can do? Watch this video.