International law firm Dorsey & Whitney LLP announced today that it is
offering three levels of assessment and compliance packages to help
businesses comply with the enacted California Consumer Privacy Act
(CCPA). The packages, called BASIC, BASIC+ and READY,
provide options for legal services based on clients’ particular needs in
preparing for the CCPA, which goes into effect on January 1, 2020.
This new law marks a dramatic sea change in American privacy law as it
imposes significant new burdens on organizations that collect data on
California residents. In addition to requiring businesses to update
privacy policies and processes for dealing with personal information,
the CCPA also, for the first time in US history, imposes class action
statutory liability against organizations that suffer a data breach
after failing to implement reasonable security practices and procedures.
In response to the requirement that organizations develop “reasonable
security practices and procedures” to help prevent data breaches and
defend themselves from forthcoming class actions in California, Dorsey
has developed a suite of packages to help businesses move toward this
standard. Dorsey will work side by side with leading technical security
industry organizations to offer comprehensive assessment and remediation
advice and services for businesses. Included in those cutting-edge
offerings are the services of edgescan, which provides vulnerability
assessments with each package level. Dorsey also offers custom packages
that align with an organization’s budget and goals.
Chair of Dorsey’s Cybersecurity, Privacy and Social Media Practice
Group, Jamie Nafziger, said, “Given the large financial risk CCPA poses
for companies interacting with California residents, we designed these
packages with a risk-based approach. Security practices and procedures
will be of the utmost importance under the CCPA due to the risk of class
actions with per-record statutory damages. After helping numerous
clients comply with GDPR, we were inspired to offer some fixed-fee
options for CCPA-related compliance projects. We look forward to working
with our clients to reduce their risk under this new law.”
Dorsey’s entry-level package is designed to provide clients with an
initial assessment as to their existing information security and privacy
gaps for not only CCPA compliance, but also for their overall posture.
This fixed-fee package includes the essential components of what an
organization would need to determine its next steps toward building an
information security program that will meet emerging legal requirements.
Dorsey’s primary assessment package will provide clients with a more
complete understanding of their existing compliance gaps while also
providing clients with several key deliverables to put them on the path
toward full CCPA compliance.
Dorsey’s full CCPA compliance package is designed to fully
operationalize compliance with CCPA imperatives, remedying issues
identified as part of the CCPA Basic and Basic+ assessments. This
package includes all items contained in the Basic+ package and is
custom-tailored to equip individual businesses to meet the demands of
Eoin Keary, CEO of edgescan, stated, “We are excited to be working with
Dorsey & Whitney in bringing such innovative and comprehensive CCPA
offerings to their clients. At edgescan, we provide fullstack
vulnerability management to protect the clients’ assets with expert
validation, providing both peace of mind and tools that promote
compliance with CCPA.”
For businesses that need to determine the extent to which the law
applies to them and assess their current CCPA compliance posture, Dorsey
will be launching an on-line assessment tool on its website in June 2019.
Dorsey also continues to publish timely CCPA updates on its website.
Updates can be accessed here.
Dorsey’s Cybersecurity, Privacy & Social Media practice group advises
clients on a wide range of issues including compliance with state and
federal laws, data breach responses, and litigated matters. The firm
continues to advise numerous clients on the European Union’s General
Data Protection Regulation (GDPR), another sweeping change in the
privacy landscape that went into effect in 2018.
About Dorsey & Whitney LLP
Clients have relied on Dorsey since 1912 as a valued business partner.
With locations across the United States and in Canada, Europe and the
Asia-Pacific region, Dorsey provides an integrated, proactive approach
to its clients’ legal and business needs. Dorsey represents a number of
the world’s most successful companies from a wide range of industries,
including leaders in banking & financial institutions, development &
infrastructure, energy & natural resources, food, beverage &
agribusiness, healthcare and technology, as well as major non-profit and
edgescan is a vulnerability management service (SaaS) which continuously
identifies cyber security vulnerabilities across the #fullstack,
provides continuous system visibility and provides support to
understand, prioritize and mitigate cyber security risks on a continuous