The California Consumer Privacy Act, which is the first significant state privacy law passed in the U.S., takes effect on January 1, 2020 and it has broad implications for all but the smallest businesses. Under the terms of the new regulation, California-based companies that either generate more than $25 million in annual revenue, have personal information on at least 50,000 consumers or derive at least half of their annual revenue from selling customers’ personal information must disclose upon request what personal data it collects and whether that data is sold or disclosed. The law also gives consumers the power to have their personal data deleted upon demand.
Iron Mountain has been preparing to comply with the law for some time, and it has defined a seven-step process for doing so. In this podcast, host Paul Gillin speaks with Steve Lester, Iron Mountain’s corporate counsel in its Privacy and Compliance team, and Kelly Matoney a principal partner in Iron Mountain’s Information Governance & Digital Solutions Professional Services group, about each of the seven steps and what other businesses can learn from Iron Mountain’s experience.