Exterro - Conquering a CPRA Data Retention Strategy in 60 Days

No comments

The California Privacy Rights Act (CPRA) comes into effect on January 1, 2023. Among its new requirements is a new data retention provision. Personal and sensitive information must be disposed of when its purpose has been fulfilled, and the organization must disclose the retention policy at the time of collection. And the data retention policies apply to data collected on or after January 1, 2022. Under CPRA, companies can no longer simply hold on to individuals’ personal data forever, they must have robust data retention and disposal practices.

Every organization has data retention policies, but very few actually operationalize them. CPRA shines a light on these practices, and holds organizations accountable for them. The regulation also establishes a new enforcement agency, which indicates increasingly vigorous enforcement as CPRA goes into effect. Data breach risks are also heightened, as litigators can easily show negligence when data has been kept beyond its retention period.

Timing

Thursday, 23 September, 07:00 PM - 07:45 PM (BST)

View the agenda

Moderator

Rebecca Perry, Director of Strategic Partnerships - Exterro

Speakers

Chris Costello, Senior E-Discovery Attorney - Winston and Strawn LLC

Eric Shinabarger, Associate Attorney - Winston and Strawn LLC

PrivSec Global

No comments

Session
Operationalising Data Retention to Reduce Data Risks

It is estimated that up to 70% of an organisation’s unstructured data is redundant, obsolete and trivial, which creates enormous risk to potential cyber threats, as well as exposure to regulations such as the GDPR for non-compliance in handling and deleting data accordingly. Data you do not have cannot be breached, it isn’t discoverable in litigation or investigations, and it doesn’t require any efforts to store, secure, or manage effectively.
Session
Global Data Protection and Privacy Law Developments: How Ready is China and the World for their new Data Security Law?

China’s Data Security Law contains provisions that cover the usage, collection, and protection of data in the PRC. Violations will trigger penalty fines and even suspension of business and revocation of license or permits.
Session
Why Most CCPA Cases Will Fail: Five Hurdles Plaintiffs Must Clear

The California Consumer Privacy Act (CCPA) is a landmark U.S. privacy law with many laudable features. But the law’s private right of action is not among its strongest provisions. The CCPA’s private right of action only grants consumers who have suffered very specific data breaches a limited right to sue. However, this has not stopped law firms trying to force through legal challenges against businesses that have violated irrelevant parts of the CCPA.

No comments yet

You're not signed in.

Only registered users can comment on this article.

More from Agenda

Session
AI Regulation: Stifling Innovation or Not Going Far Enough?

There are a number of ongoing discussions surrounding whether AI can be trustworthy or that now is the time to harmonise AI principles, but what does regulation mean for Artificial Intelligence and Machine Learning?
Session
Global Data Protection and Privacy Law Developments, Canada; Reforms, regional developments, and new regulations: How Canada is developing their Data Protection Laws

A huge number of firms in Canada are preparing themselves for changes to the Data Protection and Privacy Laws in Canada, but are these reforms going to happen?
Session
Social Media Data Breaches: Serious or Just a “Scrape”?

In August, Facebook suspended the accounts of NYU researchers who were investigating political ads on the social media platform. Facebook stated that the researchers were “gathered data by creating a browser extension that was programmed to evade our detection systems and scrape data such as usernames, ads, links to user profiles”. But the discussions and arguments around scraping does not end there, as there are endless questions on its legality, and the fact that big companies use this BUT don’t want it used against them.

Exterro - Conquering a CPRA Data Retention Strategy in 60 Days

Timing

Moderator

Speakers

Related articles

Operationalising Data Retention to Reduce Data Risks

Global Data Protection and Privacy Law Developments: How Ready is China and the World for their new Data Security Law?

Why Most CCPA Cases Will Fail: Five Hurdles Plaintiffs Must Clear

No comments yet

Only registered users can comment on this article.

More from Agenda

AI Regulation: Stifling Innovation or Not Going Far Enough?

Global Data Protection and Privacy Law Developments, Canada; Reforms, regional developments, and new regulations: How Canada is developing their Data Protection Laws

Social Media Data Breaches: Serious or Just a “Scrape”?