ADVANCED ON PURPOSE
An educational blog with purposeful content. We welcome open and polite dialogue, and expect any comments you leave to be respectful. Thanks!
Back to Blog
6 MIN READ
Thanks to an invitation from FormAssembly, the #1 Enterprise Web Form Platform, I presented my insights and best practices on a data privacy webinar on August 21, 2019. Watch the recording and read FormAssembly’s blog here!
The webinar focused on The General Data Protection Regulation (GDPR) as well as the California Consumer Privacy Act (CCPA) which will go into effect on January 1, 2020. As FormAssembly’s guest presenter, I spoke to the implications for nonprofit and educational organizations who may not have people or processes in place to specifically track data privacy and how it impacts organizations. The following are some key insights that I shared on the webinar. Whether you are a customer whose data is getting collected, or you work for a company that collects data, this is for you!
Tackle CCPA in Three (3) Steps
The CCPA is chock full of guidance for organizations, however it may be difficult to know how to get started. I suggest the following three steps:
1. First, analyze the data you currently collect and store, and how it is currently being used and accessed. For many education and non-profit organizations specifically, documentation like data dictionaries, information governance policies, and records retention schedules are uncommon and/or out-of-date. These can be extremely helpful to develop as part of your assessment of how CCPA impacts your organization. Examples of questions you may ask yourself are:
2. Second, develop short and long term plans to ensure your organization is in compliance with CCPA. Your analysis will likely bring up ideas and issues to solve right away or in the future. An example of an approach could look like:
3. Third, implement your short term plans and have a plan for the long term. After implementation, evaluate those short term plans and use that experience to inform the long term plans. This should include keeping track of updates to CCPA over time, as well as other relevant legislation. Some additional recommendations:
Questions and Answers
The webinar Q&A gave me the opportunity to drill deeper into the recommendations I made above around short term and long term planning. Find them below!
Q: What does it mean to develop a data dictionary?
A: A Data Dictionary is a document (Word, Excel, Google sheets, etc.) that summarizes the major data elements, their expected formats, and their sources for all data that your organization collects from California stakeholders. Common components include: Source, element/value name, description, data type, field size or character limit, last update date, example value, and validation. Once you have a data dictionary in place, it can be used as a:
Q: What other short and long term plans might we develop?
A: There are two more plans that I think make sense to develop in the short or long term depending on your organization’s capacity:
Q: Who else do we need to involve?
A: Be strategic about who you engage internally and externally so that you have a comprehensive lens around data privacy, without having too many cooks in the kitchen hindering progress. Examples of strategic partners include:
Q: If we could only do one thing right now, what might it be?
AdvancED opinions and recommendations in articles should not be considered as legal advice. That said, my recommendation on how to best start this process includes:
Do you have additional recommendations, or questions, regarding data privacy in California? Contact me!
About Meredith "Mer" Curry
Mer has always had a passion for education and helping historically underrepresented groups achieve access and success to higher opportunities. She has consulted nonprofits, educational institutions, and businesses in addition to her volunteerism and mentorship of students.