PODCAST

How to manage DSRs under the California Consumer Privacy Act

Steve Stein, Nick Schmidt, and Keaton Ford talk about data subject access requests as required under the California Consumer Privacy Act.

The California Consumer Privacy Act, or CCPA, goes into effect on January 1, 2020. And even though enforcement actions won’t be taken until July 1, 2020, organizations are facing a fast-ticking clock to make sure they’re prepared to manage consumers’ data subject access requests (DSR.)

But there’s limited information in the marketplace that discusses how to think about DSR in the most strategic way, how to most effectively manage fulfillment, and how to configure tools for maximum success.

During this podcast, Steve Stein, co-lead of KPMG’s Information Governance and Privacy practice, and Nick Schmidt and Keaton Ford, members of the firm’s Cyber Security practice, sat down to discuss the four key aspects of DSR that organizations need to get right:

  • Consumer request intake, including the legally acceptable methods, the process behind the intake (e.g., getting all requests into a single repository), and the strategy behind the questions
  • Identity proofing, including authentication methods, operationalizing and configuring validation tools, and securing the collected information
  • Data discovery, including what organizations should consider when deciding between using a manual approach and an automated scanning tool
  • Packaging and producing the data for the consumer, including response strategies and the output methods organizations in different industries are adopting.
Steven Stein

Steven Stein

Principal, Cyber Security Services, KPMG US

Nicholas Schmidt

Nicholas Schmidt

Sr Associate Advisory, Cyber Security Services, KPMG (US)

Keaton Ford

Keaton Ford

Sr Associate Advisory, Cyber Security Services, KPMG (US)