CCPA Public Hearings Start This Week

The California Attorney General will be holding four public hearings in several California cities this week. The hearings will provide the public with an opportunity to take part in the California Consumer Privacy Act (CCPA) rulemaking process. All members of the public are invited to speak on the regulations. Members of the public are also able to submit written comments regarding the proposed CCPA regulations by mail or email. The public comment period will end on Friday, December 6th at 5pm PT. 

The California Consumer Privacy Act is set to become the most comprehensive privacy law in the United States when it takes effect on January 1, 2020. The law broadly expands the rights of consumers, including the right to opt-out of the sale of personal information to third parties, and requires in-scope businesses to be significantly more transparent about how they collect, use, and disclose personal information.  

TrustArc will be attending the public hearing in San Francisco on December 4th and will share any relevant insights presented at the session. To read TrustArc’s recap of the CCPA public forum held earlier this year in San Francisco, click here.  To read TrustArc’s overview of the proposed CCPA regulations, click here

The four public hearings will take place: 

Sacramento – December 2nd at 10am
CalEPA Building
Coastal Room, 2nd Floor
1001 I Street
Sacramento, CA 95814

Los Angeles – December 3rd at 10am
Ronald Reagan Building
Auditorium, 1st Floor
300 S. Spring Street
Los Angeles, CA 90013

San Francisco – December 4th at 10am
Milton Marks Conference Center
Lower Level
455 Golden Gate Ave.
San Francisco, CA 94102

Fresno – December 5th at 10am
Fresno Hugh Burns Building
Assembly Room #1036
2550 Mariposa Mall
Fresno, CA 93721

TrustArc is an active participant in privacy conferences and our team regularly attends policy forums to help inform and shape our solutions. With privacy experts spanning the world in the U.S., Canada, Latin America, Europe and Asia, our team is at the forefront of the ever-changing privacy landscape. To speak with a privacy expert about the California Consumer Privacy Act, schedule a consultation today!

Reimagining Privacy: TrustArc Acquires Nymity

Chris Babel, CEO of TrustArc

Today we’re pleased and proud to be announcing that TrustArc has acquired Nymity, a fellow pioneer in the privacy solutions market. Our vision is to combine the best privacy research, assessment tools and data subject rights solutions from Nymity with the best intelligent privacy automation platform from TrustArc to deliver fresh, novel approaches to enable organizations of any size,  sector, or region to more effectively harness their data. Our two companies have a shared history of innovation. Our experience in the space boasts almost 40 years and we’re excited to be able to combine this heritage with our focus on next generation technology to provide new value to customers. 

As public and regulatory expectations escalate, demand for privacy solutions continues to grow. New laws are being passed and updated with increasing frequency, including the California Consumer Privacy Act (CCPA), which will enter into application on January 1, 2020. We understand businesses need a partner who they can rely on to provide the very best service to help them navigate the ever changing privacy legislative landscape. 

Since 1997, TrustArc has evolved with market demand from its origins in enabling organizations to demonstrate trust online through seals and certifications to today’s leading intelligence-driven privacy management platform provider. Since 2002, Nymity has been delivering the world’s most robust expert privacy research, assessment and data subject rights solutions that organizations across industry sectors have come to rely upon, including its globally-recognized privacy management accountability framework that is embedded into the Nymity solutions. 

With our unrivaled privacy experience, together we will deliver the next generation of unprecedented privacy solutions empowering privacy, security, IT, legal and business teams to efficiently drive insights, operationalize compliance, manage risk, and demonstrate accountability.

We believe technology is at its best when it timely provides needed insights and efficiently facilitates the actions that enable organizations to focus on what matters to them most – their core strategy and objectives , safe in the knowledge risks are being managed. We understand this is a big responsibility and we work hard to protect you, your business and your customers.

Since our early beginnings, we’ve built a strong foundation of capabilities and products that have helped lead the industry. Now we enter the next chapter in the company’s life and with Nymity we are excited to extend our reach even further. We have designated Canada as a key development center and we are excited to leverage their deep SaaS and privacy talent pools in Toronto and Vancouver. We are also combining our operations in Europe to increase our footprint and to provide expanded support for organizations seeking to efficiently manage GDPR, as well as complex regional, global, and cross-border obligations.

From a technology perspective, the Nymity line of privacy solutions is now an integral part of the TrustArc platform. The Nymity Privacy Management Accountability Framework is being aligned with the TrustArc Privacy and Data Governance Framework. This powerful combination delivers an integrated suite of next generation accountability, risk, and compliance solutions powered by the TrustArc platform to address records of processing and data inventories, assessments, and data subject rights management. Nymity’s nearly 18 years of providing practical data privacy research will bolster the actionable Privacy Intelligence embedded in the TrustArc Platform, including its Intelligence Engine, Privacy Profile, and newly launched Risk Profile.

With change comes opportunity. Together, we will reimagine privacy and deliver on the path forward to new possibilities for our customers and for our own development. Nymity’s Founder and President and Founder, Terry McQuay and I recorded a video below that talks about why the companies are coming together and what the future holds for our customers. We look forward to continuing to work with you on this exciting journey. 

TrustArc Wins 2019 CyberSecurity Breakthrough Award

TrustArc has been named the winner of the “Policy Management Solution Provider of the Year” award from CyberSecurity Breakthrough, a leading independent market intelligence organization that recognizes the top companies, technologies and products in the global information security market.

TrustArc pioneered privacy compliance and risk management for organizations of every size, addressing the needs of legal, compliance, IT, marketing, and other teams who manage customer and employee data. Today TrustArc is building on this legacy with technology innovations to help businesses stay ahead of changing regulatory and customer requirements. 

The TrustArc Platform is a comprehensive solution that incorporates privacy intelligence to operationalize and automate privacy compliance management with proven technology, global coverage, fast deployment and continuous innovation. The platform includes capabilities to manage data inventory / mapping, privacy assessments, data subject / consumer rights requests, consent, compliance reporting and risk management KPIs. The platform modules are integrated and scalable, so they work together from the start and grow with a company as needs change.

“With the arrival of GDPR last year and the impending January 1, 2020, California Consumer Privacy Act (CCPA) deadline, along with dozens of additional laws and regulations adopted in the past 12 months, the complexity of managing privacy compliance and risk is growing exponentially,” said Chris Babel, CEO, TrustArc. “We’re committed to taking on this challenge head-on, and we are thrilled to receive this industry honor in recognition of our innovation, leadership and success in the area of privacy, compliance and data protection.”

The mission of the CyberSecurity Breakthrough Awards is to honor excellence and recognize the innovation, hard work and success in a range of information security categories, including Cloud Security, Threat Detection, Risk Management, Fraud Prevention, Mobile Security, Email Security and many more. This year’s program attracted more than 3,500 nominations from over 15 different countries throughout the world.

“The growing complexity of business in the digital world along with an expanding list of global privacy regulations significantly increases the need for organizations to adopt scalable and efficient solutions that ensure compliance and consumer trust,” said James Johnson, managing director, CyberSecurity Breakthrough. “TrustArc is a pioneering leader in this area, with over two decades of experience and a track record of innovation that is a shining example of the industry ‘breakthrough’ we aim to highlight in our annual awards program. We are pleased to announce TrustArc as a 2019 CyberSecurity Breakthrough Award winner and we extend a hearty congratulations to the entire TrustArc team on their well-deserved industry recognition.”

TrustArc continues to drive the privacy industry forward, continuously adding new capabilities to its comprehensive Privacy Platform, which is backed by more than 20 years of experience helping companies of all sizes manage their privacy compliance. It supports all privacy management initiatives, including CCPA, GDPR, HIPAA, Nevada Privacy Law, LGPD, and vendor risk. Learn more about TrustArc here.

NYC Proposes Telecom and Mobile App Geolocation Sharing Prohibition

The New York City Council has put forth a proposal to prohibit the sharing of a customer’s location data by telecommunications carriers and mobile application (app) developers.  According to Int. 1632-2019, introduced by the Council and referred to committee on July 23, 2019, the administrative code of New York City (NYC) would be amended to render unlawful such entities’ sharing of a customer’s location “where such data was collected while the customer’s mobile communications device were physically present in the city.”

The term “location data” is defined without specificity as to the level of location preciseness as information related to the physical or geographical location of a person or the person’s mobile communications device, “regardless of the technological method used to obtain this information.” This suggests, then, that the level of abstraction could include geolocation data derived potentially via IP address, WiFi triangulation, GPS signals, cellular data information, beacons and more. The bill exempts from the sharing prohibition instances where location data is shared in order to provide a service explicitly requested by the customer, or where location data is “shared in exchange for products or services,” potentially leaving the door open for location sharing or selling as part of a loyalty program, for instance.

The Department of Information Technology and Telecommunications (DITT) would be the enforcement body for the law, which provides for a $1,000 civic penalty for each violation, capped at $10,000 per day per person for multiple violations. The bill also affords a private right of action to customers whose location data were shared in violation of the law, with a court of competent jurisdiction being able to award actual damages at the same levels as the DITT, plus reasonable attorney’s fees. The DITT is empowered to promulgate rules to further administer the law, which would take effect 120 days after becoming law.

See full article here.

This update was provided by the TrustArc Privacy Intelligence News and Insights Service, part of the TrustArc Platform. To learn how you can get full access to the daily newsfeed, contact us today!

Harvard Business Review Offers Guidance For Managing Privacy and Security Obligations and Risks

In a recent Harvard Business Review article, New Laws on Data Privacy and Security Are Coming. Is Your Company Ready?, author Andrew Burt offers guidance for organizations juggling increasing privacy and security obligations and risks. Burt highlights the increase in legislation organizations should be mindful of?—including, California’s IoT law,  Brazil’s data protection law, and India’s data protection law.

He offers several strategies for organizations to manage the current and coming risks and obligations.

  • First, he suggests for organizations to evaluate their current level of security and processes for preventing privacy and security vulnerabilities; and the amount of time devoted to testing and maintaining software for risks. Doing so, he offers, will allow organizations to determine the amount of time and effort required to adequately secure systems.
  • Second, he suggests for organizations to embed security into software design and deployment life cycle, and be able to demonstrate that “ that security and privacy controls are not simply an afterthought but are a core requirement in and of themselves.”
  • Third, Bart suggests that organizations ensure that their privacy and security controls are proportional to “the volume and complexity of the code they seek to protect.”

See the full article here.

This update was provided by the TrustArc Privacy Intelligence News and Insights Service, part of the TrustArc Platform. To learn how you can get full access to the daily newsfeed, contact us today!