On Jan. 1, the California Consumer Privacy Act will go into effect, governing how companies can use consumer data and allowing consumers to collect between $100 and $750 per violation. Jean-Marc Chanoine, head of strategic accounts and legal counsel at Templafy in New York, said the fines in the CCPA are real and the public relations fallout of not being compliant with the law can be more costly than the fines.

Chanoine spoke with Corporate Counsel on Friday about best practices in compliance, the importance of leadership understanding how data is used, and the likelihood of a federal data privacy law.

This conversation has been edited for length and clarity.

Corporate Counsel: What are some best practices companies took to become compliant with the CCPA?

Jean-Marc Chanoine: The first piece was understanding what you were doing as it relates to consumer data and outreach. When I say 'organization,' I'm talking about leadership. So do your people on the ground actually know what they're doing with the information? Just because an organization is doing something doesn't mean that leadership is aware of it.

I think the second thing is to make sure you have the technology and capabilities in place in order to do that type of monitoring. Then you have to make sure you have the right people in place. You really have to look at it from a people, technology and process perspective. You have to hit all three buckets in order to be successful.

CC: At this point, is it fair to say that most companies impacted by the CCPA should be compliant with it?

JC: Yes. The modifications to your system should be in place. From a change management perspective and from a technology perspective you really should be done by now. However, it's never too late. The fines are real and the consequences are real. It's not just the fines piece, it's also the public relations piece that can be incredibly damaging.

CC: Do laws like the CCPA force leadership to understand how the data they collect is being used? 

JC: Absolutely. Every concern comes down to dollars and cents. California is essentially a national law. The public relations fallout may be bigger than the fine they face. If you don't know how that data is being used, it can cause a major issue.

CC: Have you noticed an uptick in companies hiring additional in-house counsel or compliance professionals because of the CCPA?

JC: What I can see is that I've seen it become a major concern. I do know there is a conversation about it. Negligence is no longer an excuse for not following the rules and not having the right people in place can be negligent. If you don't hire the right people to do the additional compliance work or have that additional counsel who is an expert on this, you're probably going to get yourself in trouble. As a legal department, you're not doing your job if you don't get the requisite expertise within your organization.

CC: Are you confident that there will be a data privacy bill passed in the next couple of years?

JC: Yes. California is the canary in the coal mine when it comes to tech companies. Let's say that Nevada passes a law and then New York comes next, it is going to be untenable for companies to become compliant with all of those laws.

The federal government has to do it. Their constituents may get annoyed. From a legal perspective, you have to think about it crossing state lines. There is a good argument from the federal government that they have jurisdiction over data privacy when it comes to a large multinational corporation.

What we're seeing is natural. The EU generally cares about individual consumers and California is a fast follower. Then other states are following. Eventually, the federal government will come in. If your legal department isn't able to see that, they're not doing right by you.