Data Ethics

CCPA Webinar Recap: Your Burning Questions Answered

December 16, 2019  |   LiveRamp

Our panelists, Tara Aida, Product Manager, Data Stewardship, LiveRamp; Tim Geenen, General Manager, Privacy & Consumer Experiences, LiveRamp; and Justin Antonipillai, CEO, WireWheel; along with moderator Lauretta Lu, Privacy Counsel, LiveRamp, answer questions about the CCPA.

Tick tock til
CCPA o’clock—the California Consumer Privacy Act takes effect in less than a month. From the volume of questions we received during our ask me anything session, many in our audience are still working on their compliance strategies and definitely need to talk to their privacy team or legal counsel more—maybe take them out for lunch on January 28, Data Privacy Day?

If you missed our webinar, you can watch it on demand now. Here are three of the top questions asked and their answers:

What has LiveRamp done to become CCPA compliant?

“We’ve kicked off many workstreams,” said Tara Aida, Product Manager, Data Stewardship, at LiveRamp. “One of the major things we’ve been working on is ensuring we’re building out product features and systems that allow us to respect all of the key requests consumers are making under the CCPA, specifically opt-out, deletion, and subject access requests.” 

Tara also shared that our platform is built to handle requests from consumers, clients, and partners, and LiveRamp has kicked off broad CCPA training for all employees.

How does someone handle a data audit?

“From our perspective, which is very much from a cookie perspective, we create an audit ID per consumer. That audit ID keeps track of all the settings in the consent management platform: which version of the privacy policy was displayed, the time stamp, the website—it looks at the exact configuration of what was presented to that consumer,” said Tim Geenen, General Manager, Privacy & Consumer Experiences, LiveRamp. 

This helps companies being audited not only show when a customer took a specific action regarding their data, but also recreate the exact scenario in which they did so. 

What’s going on with CCPA 2.0?

Given the amount of questions we got related to the CCPA, it’s a fair bet that many companies have yet to consider the potential ramifications of what’s being dubbed CCPA 2.0, a second ballot initiative that Californians will vote on in November 2020.

“If you look at the polls, I think most folks believe strongly that this next version of CCPA has a really high chance of passing late next year,” said Justin Antonipillai, CEO, Wirewheel. Some aspects of CCPA 2.0 mirror parts of the European Union’s General Data Protection Regulation (GDPR) and Brazil’s General Data Protection Law. We’ve heard shades of this before when Noga Rosenthal, Chief Privacy Officer at Ampersand, shared on the RampUp podcast that some states drafting privacy laws are “merely copying and pasting CCPA into their law.”

This means that companies that have prepared for GDPR and Brazil’s law may have somewhat of a leg up, but of course, this doesn’t mean that compliance with one law equates to compliance with another. 

“My sense is you should assume this will pass and that it will bring in a lot of the use, enforcement, and treatment around sensitive data into the California law late next year,” Justin concluded.

Become best friends with your privacy professional

As mentioned on stage at RampUp New York, CCPA compliance can’t be done in a vacuum. There were a lot of questions we received during the webinar that we couldn’t answer as they related specifically to the attendee’s business and compliance strategy. These should be directed to an internal privacy and legal team for advice on compliance with the CCPA. Now is the time to make cross-team connections and ensure that your questions are being answered and voice is being heard.

If you have any additional questions about the CCPA as it relates to LiveRamp, email, or register to attend RampUp 2020 where we have two full days of content dedicated to data ethics and privacy regulations.