TrustArc Blog

What You Need to Know About California Consumer Privacy Act Amendments

September 17, 2018

On June 28, 2018, the California Consumer Privacy Act (CCPA) was unanimously passed. It is slated to go into effect January 1, 2020, and it is set to be the toughest privacy law in the United States. It broadly expands the rights of consumers and requires businesses within its wide scope to be significantly more transparent about how they collect, use, and disclose personal information. While it is a California law, a business outside of California must also comply if it conducts business with residents (natural persons) of California. 1   As expected, it was recently updated to address some … Continue reading What You Need to Know About California Consumer Privacy Act Amendments

IAPP & TrustArc Web Conference on New Research — How Privacy Tech Is Bought and Deployed

August 14, 2018

The number of technology solutions available to help privacy professionals get their jobs done has exploded in recent years. With more and more stringent legal obligations to comply with every year, privacy teams need efficient and effective tools to manage data flows within their organizations, and to comply with requests for personal information from customers. So with a plethora of offerings, how to sift the wheat from the chaff? What tools are fully matured and worth their cost, and which are promising but not quite ready for real-time implementation? In May 2018, IAPP and TrustArc surveyed 328 privacy professionals around … Continue reading IAPP & TrustArc Web Conference on New Research — How Privacy Tech Is Bought and Deployed

Why You Should Get Started on CCPA Compliance Now

July 17, 2018

The California Consumer Privacy Act of 2018 (AB 375) was passed on June 28th, 2018 (“CCPA”). Similar to the GDPR, the CCPA will require companies in scope to enhance their data management practices, expand their individual rights processes, and update their privacy policies by the January 1, 2020 deadline. Those who have helped their companies prepare for the GDPR compliance date know the importance and benefit of starting early. While they may have a head start, creating processes to manage these new and ongoing compliance obligations under the CCPA will be a large undertaking for any company in scope. There … Continue reading Why You Should Get Started on CCPA Compliance Now

One Week to Go: Are you Ready for May 25th? – Webinar Recap

May 22, 2018

As part of the TrustArc Privacy Insight Series Webinars, Paul Iagnocco, Consulting Director & Senior Privacy Consultant at TrustArc, presented “One Week to Go: Are you Ready for May 25th?”  This blog post will give a brief summary of that webinar; you can listen to the entire webinar and download the slides here. In this webinar Paul addressed the questions companies are facing  as the May 25th GDPR deadline approaches: Is my company compliant? What if we are not 100% compliant? What happens next?  This webinar focused on four main areas as they apply to the GDPR: compliance status, enforcement, … Continue reading One Week to Go: Are you Ready for May 25th? – Webinar Recap

GDPR Compliance – Consent Requirements under the GDPR – Marketing Activities

May 04, 2018

Companies that must comply with the GDPR should take a close look at their marketing processes to ensure that they will meet GDPR requirements. The following three examples are key places where most companies should take another look at their processes with regard to GDPR consent requirements. Marketing Outreach Email Programs Most companies’ marketing departments have outreach programs where a large database of clients and prospects are sent emails with information about new products or services. If individuals have unsubscribed, opted out, or otherwise indicated their desire that your organization stop using their personal information, your organization may not contact … Continue reading GDPR Compliance – Consent Requirements under the GDPR – Marketing Activities

72 Hours Notice: GDPR Incident Response Management – Webinar Recap

April 20, 2018

As part of the TrustArc Privacy Insight Series Webinars, Ashley Slavik, Senior Counsel & Data Protection Officer, Veeva Systems Inc. and K Royal, Consulting Director, TrustArc, discussed how companies can plan for and respond to a data breach in compliance with the GDPR. Ashley and K gave best practices, suggested tools, and tips for addressing GDPR Article 33 and Article 34. This blog post will give a brief summary; you can listen to the entire webinar and download the slides here. Before going into data breach requirement details, our speakers discussed the different notification requirements for Controllers and Processors and gave examples … Continue reading 72 Hours Notice: GDPR Incident Response Management – Webinar Recap