Welcome to our 21st episode of Serious Privacy. There is no better way to celebrate 21 than to return to our basics and have a kitchen table conversation with our own Paul Breitbarth. This week, Paul will discuss his favorite privacy topic. We limited it to one topic – will he go for two topics? Does he have one overwhelming favorite issue in privacy? With Paul’s background with the data protection authorities, he has more of a legal scholarly slant – so this should be a very interesting treasure hunt to find out what resonates most with him.
Paul’s favorite topic incorporates elements of politics, fundamental rights of individuals, legal discourse, and the international relationship among countries. In this episode, we cover counterterrorism and whistleblowers – bodycams and cell phones. All of these center into one overarching topic that is fascinating and controversial, but also necessary in modern life. Listen to this week’s episode on our website or stream the episode below.
TrustArc and BigID have announced a partnership to help organizations uncover, classify, understand, and protect personal and sensitive data for ongoing privacy compliance.
“Data is a company’s most vital asset. Maintaining data privacy reduces the risk businesses incur while simultaneously unlocking the business value of that data,” said Michael Lin, SVP product and engineering of TrustArc. “Our partnership with BigID combines its excellence in data discovery, an essential element of a strong privacy program, with a simplified, automated view of privacy compliance that only TrustArc can offer.”
The TrustArc/BigID partnership enables organizations to optimally define, build, and maintain flexible, responsive, and automated data privacy-management programs. As regulations and business requirements shift, privacy managers can leverage TrustArc’s Privacy Management Platform and knowledge to adjust their processes accordingly, modify operational frameworks, and automate fulfillment based on up-to-date accurate and comprehensive data intelligence.
Through the partnership, customers can also:
- Take action on privacy insights generated from continuous analysis of all data platforms and types, including cloud software, files, big data, and traditional data stores;
- Automate discovery, classification, and inventorying of personal and sensitive data based on how data is related to individuals across the enterprise;
- Automate the management of consumer and data subject access requests (DSRs) at scale using data inventories;
- Seamlessly populate the TrustArc Data Inventory Hub and update it based on new discovery findings.
“This partnership highlights TrustArc and BigID’s approach to bring clarity and intelligence to the complex data privacy regulatory environments,” said Nimrod Vax, co-founder and chief product officer of BigID. “With this partnership, we aim to ensure that customers can automate and manage privacy compliance for the long haul, beyond the initial manual controls many organizations have started with to address regulatory compliance.”
Read more about this partnership here.
As part of the Privacy Insight Series, TrustArc presented the webinar “2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best Practices” earlier this week with speakers Gary Edwards, Co-Founder and President of Golfdale Consulting, and Paul Breitbarth, Director, EU Policy and Strategy at TrustArc. This blog post will give a brief summary of that webinar addressing the recent global privacy survey and its subsequent findings; you can listen to the entire webinar and download the slides here.
In May 2020, TrustArc conducted a comprehensive Global Privacy Benchmarks Survey of more than 1,500 senior executives, privacy office leaders, privacy team members, management, and full-time employees outside the privacy function. This week’s webinar focused on the various findings from the survey which covered topics, such as privacy initiatives, CCPA readiness, COVID-19 impact and privacy budgets. Gary pointed out that, “this global survey provided great coverage, hearing from many different voices across the world, which provided a strong top to bottom view of emerging trends in the privacy space during the COVID-19 pandemic.”
Looking at organizations’ top initiatives and the changes afoot in 2020, the results were consistent and clear. Adapting to new regulations, adjusting privacy and data protection policies, and training staff on how to get this work done are top priorities. While Paul was happy to see companies were prioritizing these undertakings, he was disappointed to see that only 55% of survey respondents chose “rights requests” as a top initiative, considering data subject rights are commonly required under many regulations.
In terms of preparing for the CCPA, only 14% of respondents reported being done. Paul noted that even though the July 1st enforcement date is on the horizon, many companies consider the CCPA a “moving target” as the CCPA regulations have not been fully finalized yet. Gary commented that many respondents view the CCPA challenges as moderately difficult, which may be a result of companies being in the early stages of CCPA compliance. If you haven’t started CCPA compliance, you’re more likely to find challenges (such as managing third-party risks and maintaining an incident response program) more difficult than if you’ve started or are in the late stages of CCPA compliance.
Gary and Paul provided the webinar attendees with some advice for companies that are behind: work on the most visible things first, such as your privacy notice, the “do not sell” button, and the mandatory hotline. They went on to review the impact of COVID-19 on privacy and data protection and discussed new digital technologies. Watch the full webinar to learn more about the comprehensive survey’s findings. Download the 2020 Global Privacy Report here.
After many weeks discussing a huge variety of topics with our guests, it is time to go back to basics: a privacy conversation about our favorite topics while sitting on a sunny back porch, drink in hand. This week, it’s K’s turn to discuss her favorite privacy topics. Listen in as K and Paul discuss her two favorite topics in depth, both of which are global privacy concerns. This episode can be heard on our website or can be streamed below.
As part of the Privacy Insight Series, TrustArc presented the webinar “CCPA Update: What You Need to Know about CPRA & July 1st Enforcement” last week with speakers Teresa Troester-Falk, President and Founder of BlueSky Privacy, and K Royal, Associate General Counsel at TrustArc. This blog post will give a brief summary of that webinar addressing the California Consumer Privacy Act (CCPA), its new regulations and the ballot initiative, the California Privacy Rights Act (CPRA); you can listen to the entire webinar and download the slides here.
With the possibility of a July 1 enforcement date quickly approaching, there was a lot to cover in this webinar. K and Teresa discussed the current status of the consumer privacy acts in California, how the CCPA regulations compare to the CPRA, what to expect on July 1st, and how to prepare for all possible scenarios, and provided resources to ensure compliance by July 1st and beyond. They expanded upon the various definitions for terms within the CCPA regulations and CPRA. For the CCPA, the regulations clarified the definition of “business”: the revenue prong of $25M applies to all revenue, and not simply revenue within California. This was a point of confusion for business leaders trying to interpret the often vague text of the CCPA.
July 1 Enforcement
With regard to enforcement, K and Teresa discussed the recent communications from the California AG’s office: “The OAG has determined that any delays in implementation of the regulation will have a detrimental effect on consumer privacy as more and more Californians are using online resources to shop, work, and go to school.” Despite the COVID-19 pandemic, it is clear that the AG’s office is serious about protecting Californians’ personal data and unlikely to waver on the impending enforcement date.
“Share,” “shared,” or “sharing” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged. (§1798.140(ah)(1)).
TrustArc CCPA “Opt-Out” Solution
One of the main aspects of CCPA compliance is fulfilling consumer rights requests as consumers have the right to opt-out of the sale of their personal information. As such, the ability for consumers to exercise this right must be found in an easy-to-find location on your website. With TrustArc Cookie Consent Manager now integrated with TrustArc Individual Rights Manager, you can display the “Do Not Sell My Personal Information” link on your cookie banner, providing transparency and improved user experience to your consumers.
In addition, TrustArc Cookie Consent Manager allows you to configure the consent experience based on any geographical compliance requirements as different regulations have different rules. Utilizing TrustArc Cookie Consent Manager allows you to display the applicable consent banner based on the location of the website visitor. For example, you can display a GDPR opt-in notice banner to EU residents and a CCPA notice-only banner to California residents.
Companies are understandably in varying stages of preparedness, and with less than a month to go, prioritizing compliance elements is key. Wherever you are in your CCPA compliance journey, TrustArc can offer support at any stage of your compliance plan.
For more information on how TrustArc can help, visit TrustArc.com or contact us here.
TrustArc has announced the results of its “Global Privacy Benchmark” survey on how organizations are protecting and leveraging data, their most valuable asset. One of the most extensive surveys ever conducted on data privacy, it polled more than 1,500 respondents from around the world at all levels of the organization. Survey results examined a wide range of topics, such as organizational commitment to privacy, the measures and investments companies are making to embed privacy, and company readiness for looming privacy regulations, such as CCPA and its July 1 enforcement date.
“There are more than 900 global privacy laws to which organizations must adhere, making privacy management an ongoing and dynamic challenge,” said Chris Babel, CEO, TrustArc. “The TrustArc survey highlights just how difficult it can be to comply with even a single new regulation, such as CCPA, let alone the entire list of existing laws. The results also show how the COVID-19 pandemic and its attendant technologies, such as video conferencing, have exacerbated an already difficult privacy challenge and forced respondents to rethink their approaches.”
CCPA Compliance Readiness Mostly Lacking; Prior GDPR Preparedness a Boost
Nearly one-third of survey respondents (29%) say they have just started planning for CCPA.
- More than 20% of respondents report they are either somewhat unlikely to be, very unlikely to be, or don't know if they will be fully compliant with CCPA on July 1.
- Just 14% of respondents are done with CCPA compliance. Nine percent have not started with CCPA compliance, and 15% have a plan but have not started implementation.
- Of respondents who reported as being slightly or very knowledgeable about CCPA and GDPR regulations, 82% are leveraging at least some of the work they did for GDPR in implementing CCPA requirements.
Privacy Professionals Still Use Inefficient Technologies for Compliance Programs
Though 90% of respondents agree or strongly agree that they are “mindful of privacy as a business,” many privacy professionals are left building privacy programs without automation.
- 19% of respondents report they are most deficient in automating privacy processes.
- Just 17% of all respondents have implemented privacy management software, which matches the 17% who are still using spreadsheets and word processors.
- In addition, 19% are using open source/free software and 9% are doing nothing.
- Even in the U.S., which boasts the highest rate of privacy management software adoption, just 22% of respondents use privacy management software as their primary compliance software.
Respondents understand the importance of data privacy and continue to invest in ongoing privacy programs. However, many are still attempting to implement these programs using manual processes and technologies that do not offer automation. Moving forward, the companies that can leverage automation to simplify data privacy can protect their most valuable asset—data—and use it to drive business growth.
Pandemic, New Technologies Present Additional Challenges to Compliance
With the move to all-remote workforces, companies are increasingly turning to technologies, such as video conferencing and collaboration tools. These tools present new avenues for data creation that privacy professionals must consider in their company-wide plans.
- Twenty-two percent of respondents said personal device security during the pandemic has added a great deal of risk to their businesses. “Personal device security” received the highest proportion of “a great deal of risk” responses, compared to the other four response options.
- A majority of respondents said that third-party data, supply chain, personal-device security, unintentional data sharing, and required or voluntary data sharing for public health purposes all added at least a moderate amount of risk to their businesses.
- Seventy percent of respondents say video conferencing tools have required a moderate or great change to their privacy approach, and 65% of respondents say collaboration tools have required a moderate or great change to privacy approaches.
Despite Financial Impact of Pandemic, Privacy Compliance Remains a High Priority
Though many respondents expect a significant decrease in their company’s revenues as a result of the COVID-19 pandemic, they are still prioritizing privacy-related investments.
- Forty-four percent of companies expect a decrease or steep decrease in overall company revenues for the balance of 2020 as a result of COVID-19.
- Just 15% of respondents report they plan to spend less or a great deal less on privacy efforts in 2020 as a result of the pandemic.
- Nearly half (42%) of respondents plan to spend $500,000 or more in 2020 on CCPA efforts alone.
Boards of Directors Actively Involved in Privacy Management
The mandate for increased privacy investments is coming from the very top of organizations.
- Eighty-three percent of respondents indicate their board of directors regularly reviews privacy approaches.
- An impressive 86% of respondents say that everyone from the board of directors to the front-line staff knows their role in protecting privacy.
- Four out of five respondents view privacy as a key differentiator for their company.
To download the entire report, click here.