Are you aware that the GDPR (General Data Protection Regulation) was enacted by the European Union to help protect consumer information? Yes, the GDPR is a good step forward in safeguarding the data of individuals. In the United States, there have been comparable attempts by both the federal government and states to protect data of consumers including (but not limited to) healthcare privacy data protection (such as HIPAA), the Children’s Online Privacy Protection Act, Family Education Rights and Privacy Act (FERPA) and various similar state-enacted consumer protection laws (to name a few).
The federal and state governments are indeed taking noteworthy steps in the interest of protecting consumer data. However, California has notably stepped up the game with the California Consumer Privacy Act. The California Consumer Privacy Act (CCPA for short) creates new consumer rights related to the access, management, and deletion of personal data that is collected by a business.
Although this article is not legal advice (as you should always retain an attorney in your state) and does not cover each aspect of the CCPA, it may be used as a guide for paralegals on how to configure Contract Insight® Contract Management Software to get ready for the CCPA.
Determine CCPA Obligations and Compliance
First, your attorney should help your business determine if any of your contracts or obligations are subject to the terms of the CCPA. As discussed in the CCPA Fact Sheet, the CCPA applies to businesses that:
- have annual gross revenue of $25 million or more;
- buy, sell, or receive personal information of 50,000 or more consumers, households, or devices;
- derives 50% of their annual revenue from selling personal information of consumers (to name a few).
The CCPA also requires businesses to provide notice to consumers when they collect personal data, and enact right to opt-out, right to know, and right to delete options and respond to said optional requests within a specific time frame. In the interest of making the opt-out request process accessible and transparent, businesses must provide a “Do Not Sell My Info” link on their official website or mobile app. As further defined in Chapter 20 of the California Consumer Privacy Act Regulations, a business may be required to offer dual methods for consumers to opt-out, update, access and/or delete their data.
With CobbleStone ContractInsight® Contract Management Software and advice from your legal counsel, your legal team and risk managers can track data processing agreements (and other agreement records) to help determine if a contract may be subject to CCPA.
Improve the Contract Review Process with Configurable Contract Data Fields
Typical agreements are drafted and routed to a paralegal or contract administrator for contract review. Often, the contract data is entered into contract data fields related to the contract, and these fields form a contract record. The contract records allow for the actual agreement document (or documents) to be attached. This process streamlines contract reviews. With ContractInsight® Software, you can define your own configured fields and assign contract fields by Contract Type.
For tracking CCPA-related risk, it is suggested (at a minimum) to add additional contract data fields related to software agreements, license agreements, consumer-facing applications (blog software, e-mail marketing tools, websites, product registrations, warranties, surveys) and the like. These fields should answer questions such as:
1. Is consumer data being processed?
2. Will your organization collect over 50,000 consumer records or related data?
3. Is there revenue related to consumer records?
4. Will your organization or the supplier sell or manage over 50,000 consumer records?
5. Does your organization or the supplier access private consumer data?
6. Does the vendor of a contract have an opt-opt option and methods for the consumer to access, manage, and/or request the deletion of their data?
7. Other data field information requested by your organization’s legal counsel.
To make the process easier for legal review and compliance, configure a contract workflow with Contract Insight® Software.
Using VISDOM® AI for Contract Legal Discovery
For advanced users of Contract Insight® Enterprise, CobbleStone allows organizations to leverage Contract VISDOM Artificial Intelligence. This intelligent contract management AI solution can help a large organization or contract manager by locating, importing and finding text in a mass of contract documents that contain the term(s) “consumer,” “data,” “end-users,” and other related terms.
To summarize, ContractInsight® Software and some basic field configuration make it easy to help track and mitigate risk related to the California Consumer Privacy Act.
About CobbleStone Software
CobbleStone Software provides Contract Insight® Contract Management Software as a cloud-hosted (SaaS) or deployed (on-premise) solution. Contract Insight® Software is used by thousands of legal professionals for their contract management software needs. Founded in 1995, CobbleStone was among the first and most experienced companies to offer a contract management software product, and we continue to be a leader with full contract lifecycle management software.
Discover CobbleStone’s Contract Insight® Contract Management Software.