In February, I reported here that law firm Wilson Sonsini Goodrich & Rosati had launched a software subsidiary, SixFifty, to develop automated tools designed to make legal processes more efficient and affordable for businesses and individuals. Today, it is releasing its first product: SixFifty Privacy, a suite of tools to help businesses comply with the California Consumer Privacy Act (CCPA) set to take effect on Jan. 1, 2020.
“The CCPA is an industry-changing law,” SixFifty President Kimball Dean Parker told me during an advance demonstration. “It fundamentally changes how companies are supposed to treat data and the rights consumers have to protect data.”
Parker and his team developed SixFifty Privacy based on guidance from lawyers in WSGR’s Privacy and Data Protection practice. The application assists companies with four key components of CCPA compliance:
- Documents, enabling companies to generate all required policies and compliance documents.
- Requests, providing a dashboard through which companies can collect, manage and fulfill consumer requests to delete, access, or restrict sales of their data.
- Data mapping, to help companies identify how data enters their systems and where it is stored.
- Training, to provide required training to all employees who interact with consumers or handle consumer information.
Using this platform, a company can lay the foundation for its CCPA compliance within 15 minutes, Parker said.
The application creates a consumer-facing portal through which companies receive requests. The company can brand this with its logo and customize certain features of it. Because the law applies only to California residents, the portal will ask consumers to verify their residency before allowing them to submit a request.
SixFifty provides a set of templates, developed in conjunction with WSGR attorneys, for responding to consumer requests. SixFifty provides new customers with five hours of implementation assistance to help companies customize these templates or develop their own, and make other adjustments to the platform and its set-up.
SixFifty also provides all the policy and contractual documents required for CCPA compliance. The platform walks a company through a series of questions in order to create the documents. Once a question is answered, the information is saved and can be used again wherever it is needed. The final documents are generated in Microsoft Word. If legal developments result in changes to any of the document templates, SixFifty will notify the company to generate the updated document.
For the training, the platform provides a series of short videos, each followed by brief quiz questions. All the videos were developed in conjunction with WSGR attorneys, Parker said. All training is logged and the company can generate a report at any time of who has started and completed the training.
For a company to hire a law firm and technology-development firm to create everything SixFifty Privacy offers would cost in the range of $250,000, Parker estimates. In setting pricing for this application, his goal was to allow companies to obtain everything they need a tenth to a fifth of that cost.
For SixFifty Privacy, the pricing will vary based on the size of the company, the ways they collect data, and other factors. Here is the breakdown:
- For the core compliance documents, $7,500, plus a yearly renewal fee of $2,000 to reflect WSGR’s periodic updates to the documents.
- For the consumer requests portal, $5,000 for 500 requests and then increasing from there. Companies would buy requests in bundles.
- Training is in the range of $50 to $100 per seat, based on how many seats the company has. A seat means the employees who actually take the training, not the overall number of employees. The law requires that the training be renewed every year.
“We’ve really thought through, what does the company need, what are the core functionalities, and how do we make it as easy and affordable as possible,” Parker said.
While SixFifty Privacy is not the only CCPA compliance tool on the market, Parker says it comes with one major competitive advantage: “This has the knowledge from one of the world’s best privacy practices baked in.” On top of that, he believes this application is the most affordable and easiest to use.
And as other states adopt data-privacy laws of their own, the platform will be updated to handle them.
Parker is the lawyer who developed the innovative LawX design lab at BYU Law School together with the school’s dean, D. Gordon Smith. (I have written a number of posts about LawX, which you can find here.) Under Parker’s mentorship, the LawX lab last year released SoloSuit, an online tool to help those who cannot afford legal services respond to debt collection lawsuits.
At the law firm Parsons Behle & Latimer in Salt Lake City, Parker and Porter formed an innovation subsidiary, Parsons Behle Lab, where they developed GDPR IQ, a tool that generates all the legal documents a company needs to comply with the General Data Protection Regulation.
In February, WSGR announced the launch of SixFifty and the naming of Parker to lead it. At the time, Parker told me that, once it completed the privacy application, SixFifty would turn its attention to other projects, including in the area of access to justice.
That remains true, Parker told me, explaining that the software that underlies SixFifty Privacy can be adapted to a range of uses. “Our minds are spinning with how to use these technologies for access-to-justice issues,” he said.