How to manage DSRs under the California Consumer Privacy Act

The California Consumer Privacy Act, or CCPA, goes into effect on January 1, 2020. And even though enforcement actions won’t be taken until July 1, 2020, organizations are facing a fast-ticking clock to make sure they’re prepared to manage consumers’ data subject access requests (DSR.)

But there’s limited information in the marketplace that discusses how to think about DSR in the most strategic way, how to most effectively manage fulfillment, and how to configure tools for maximum success.

During this podcast, Steve Stein, co-lead of KPMG’s Information Governance and Privacy practice, and Nick Schmidt and Keaton Ford, members of the firm’s Cyber Security practice, sat down to discuss the four key aspects of DSR that organizations need to get right:

• Consumer request intake, including the legally acceptable methods, the process behind the intake (e.g., getting all requests into a single repository), and the strategy behind the questions
• Identity proofing, including authentication methods, operationalizing and configuring validation tools, and securing the collected information
• Data discovery, including what organizations should consider when deciding between using a manual approach and an automated scanning tool
• Packaging and producing the data for the consumer, including response strategies and the output methods organizations in different industries are adopting.