Calif. Agency Closely Scrutinizing Data Subject Request Processes, Say Lawyers
The California Privacy Protection Agency’s Honda enforcement order “signals an intent to hold businesses accountable for their data subject request processes,” Polsinelli attorneys blogged Monday. Honda agreed to pay $632,500 and change various privacy practices as part of a settlement with the CPPA, which was unveiled last week (see 2503120037).
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
To mitigate risk of receiving similar penalties, businesses should revisit processes for responding to data subject requests, ensuring that verification processes are “appropriately tailored,” the Polsinelli lawyers wrote. Also, companies should make sure they have a process for “receiving, verifying and responding to data subject requests,” review vendor contracts for required privacy elements, and make sure cookie management platforms have “simple and symmetrical” opt-out processes.