1
© 2022 TrustArc Inc. Proprietary and Confidential Information.
Future-Proof Your Workplace Privacy Approach for
CPRA and Beyond
2
Speakers
Jerel Pacis Agatep
Associate, Data Privacy & Workplace
Monitoring,
BakerHostetler
Andrew Scott
Global Privacy Manager,
TrustArc
Joseph J. Lazzarotti
Privacy, Data Security and Social Media
Practice Group Leader,
Jackson Lewis P.C.
3
Legal Disclaimer
The information provided during this webinar does not,
and is not intended to, constitute legal advice.
Instead, all information, content, and materials presented
during this webinar are for general informational purposes only.
4
Agenda
● CPRA Overview and Its Impact on Employee Personal Information
● What Changes to Look for in Service Agreements with Vendors (e.g., PEOs, Staffing Agencies, and Benefit/Insurance Providers)
● Harmonization with Other State Frameworks
● How to Prepare/Operationalize for CPRA
● Questions & Answers
5
CPRA Overview and Its Impact On Employee
Personal Information
6
Potential Impacts on Organizations
● Compliance with CCPA
○ Fines for non-compliance
● Optics
○ More opportunities to build or lose trust in the brand
● Employee Confidence
○ Providing employees with confidence to raise complaints without retaliation
○ Making employees aware of their rights and security of their data
● Increased Cross-Functional Collaboration
○ Communication must increase between Legal, HR, and Technology Departments regarding
privacy matters (e.g., understanding automated employment decisions, increased training
with responding to complaints/requests)
● Impacting In-House Resources
○ Need to reassess data flows, consult outside counsel, seek new technical solutions,
implement new controls, regularly assess the effectiveness of the controls, and create new
roles
● Corporate Governance
○ Increased need to establish a privacy stakeholder and consider privacy not as a cost but as
core business strategy
● Global Regulatory Environment (Interoperability)
7
CCPA, CPRA, and CPPA Overview
CCPA
● What does it stand for? California Consumer Privacy Act of 2018
● Origins: California state law – legislative action
● Intent: Intended to enhance privacy rights and consumer protection for residents of California
● Effective: January 1, 2020 – July 1, 2023
CPRA
● What does it stand for? California Privacy Rights Act of 2020
● Origins: California state referendum – voter action
● Intent: CCPA amendment that addresses issues and gaps created by the initial CCPA
● Effective: January 1, 2023
CPPA
● What does it stand for? California Privacy Protection Agency
● Origins: Established through the CPRA
● Intent: Consists of a five-member board that directs an agency on matters of enforcement, regulations, and education
● Effective: January 1, 2023
8
CCPA’s Definition of Personal Information
CCPA Section 1798.140 (v) (1):
“ ‘Personal information’ means information that identifies, relates to, describes, is reasonably
capable of being associated with, or could reasonably be linked, directly or indirectly, with a
particular consumer or household. Personal information includes, but is not limited to, the
following if it identifies, relates to, describes, is reasonably capable of being associated with, or
could be reasonably linked, directly or indirectly, with a particular consumer or household:
. . .
(I) Professional or employment-related information. …”
*Personal information does not include publicly available information or lawfully obtained, truthful information that is a matter of public concern (CCPA Section 1798.140 (v)(2)), nor consumer information that is deidentified or aggregate consumer information (Section 1798.140 (v)(3)).
9
Employment-Related Information is Personal Information
“ ‘Employment-related information’ means personal information that is collected by the
business about a natural person for the reasons identified in Civil Code section 1798.145,
subdivision ([m])(1). The collection of employment-related information, including for the purpose
of administering employment benefits, shall be considered a Business Purpose.” CCPA
Regulations (recently renumbered): Section 7001 (k).
The natural persons covered are those acting as a job applicant to, an employee of, owner of, director of, officer of, medical staff member of, or independent contractor of the business. See CCPA Section 1798.145 (m)(1).
A Business Purpose means the use of personal information for the business's operational purposes, or other notified purposes, or for the service provider or contractor's operational purposes, as defined by the regulations, provided the use is reasonably necessary and proportionate to the purpose for which the information was collected. See CCPA Section 1798.140 (e).
10
Why are we just now talking about Employment-Related Information?
● June 2018: AB 375 signed, establishing the CCPA
● October 2019: AB 25 signed, exempting employment personal information & B2B information until 1/1/21
● January 2020: CCPA operative
● July 2020: CCPA enforcement authority begins
● September 2020: AB 1281 extends the employment personal information & B2B exemption until 1/1/23
● November 2020: CPRA approved by California voters
● August 2022: Extension of the employment PI & B2B exemptions did not pass
● January 2023: CPRA operative
● July 2023: CPRA enforcement authority begins
11
Employee Rights Under CPRA
1. Right to access
2. Right to correction
3. Right to deletion
4. Right to opt out of the sale or sharing of data
5. Right to limit the use of sensitive personal information
6. Right to no retaliation
Previously under the CCPA, personal information collected in the employment context was not subject to certain CCPA requirements, including the CCPA rights (i.e., Right to Know, Delete, Opt-Out of Sale, Nondiscrimination). Under the CPRA, employees now have full consumer rights.
12
Balancing CPRA with Other California Employment Laws
Right to Know
● The California Labor Code has several laws affording workforce members the “right to know” certain types of workforce member information
the employer has collected, including but not limited to
○ (1) Personnel File (Cal. Labor Code § 1198.5)
○ (2) All Documents Signed (Labor Code § 432) and
○ (3) Payroll Records (Labor Code § 226).
● However, the CCPA, amended by the CPRA, may be broader in scope and may have new and different obligations for employers that do not
exist under the current Labor Code, including possible additional PI in scope (e.g., geolocation, biometric, internet activity, inferences drawn,
etc.) and different timelines for compliance with a workforce member’s request.
Right to Delete
● Employers should assess federal, state and local retention requirements pertaining to workforce member PI, including but not limited to the
Age Discrimination in Employment Act, the Americans with Disabilities Act, the Civil Rights Act of 1964 (Title VII), the Fair Labor Standards Act,
the Family and Medical Leave Act, the Occupational Safety and Health Act, California Government Code § 12946, and California Labor Code § 226, to
determine whether a deletion request falls under the CCPA § 1798.105 (d)(8) exception for processing needed "to comply with a legal obligation."
Right to Opt Out of Sale or Share
● Employers should not only reassess their disclosure agreements with vendors but also ascertain whether their vendors are service providers,
contractors or third parties under the CPRA, as disclosure of workforce member PI may be viewed as a “sale” under certain circumstances.
13
Exemptions Impact on CPRA
● More than two times in a 12-month period
● “Disproportionate effort”
● Conflict with federal/state law
● Fraud/abuse
● Right to correct
○ Accuracy
● Right to delete
○ Archives and back up
○ Deidentified/aggregate
● Right to limit
● Attorney client privilege (?)
14
What changes to look for in Service Agreements
with Vendors (e.g., PEOs, Staffing Agencies, and
Benefit/Insurance Providers)
15
Identify Your Vendors
Service Provider: "A person that processes personal information on behalf of a business and that receives from or on behalf of the business consumer's personal information for a business purpose…" CCPA § 1798.140 (ag)(1)
○ Must have contract requirements in place pursuant to CCPA § 1798.140 (ag)(1) & Regulations § 7051
■ Prohibition on contracting for cross-context behavioral advertising, and on combining the personal information with personal information from other sources
■ Use limitation, purpose limitation, disclosure limitation, and a grant of the right to audit
Contractor: "A person to whom the business makes available a consumer's personal information for a business purpose…" CCPA § 1798.140 (j)(1)
○ All contractual prohibitions under "Service Provider," including § 7051
○ Certification from the contractor that it understands the required contractual prohibitions and will comply with them
Third Party: "Is neither a service provider, contractor, nor a business with whom the consumer intentionally interacts and that collects personal information from the consumer as part of the current interaction with the business." CCPA § 1798.140 (ai)
○ Likely combines non-public data from multiple sources
○ The contract must grant the business the right to take reasonable and appropriate steps to ensure the third party uses the data consistently with the CCPA and the regulations
16
What is a "sale"?
Is a California employee's personal information being disclosed to a vendor for "monetary or other valuable consideration"?
● Monetary consideration = money
● Other valuable consideration = other "valuable" exchanges, such as swapping services for personal information; data flowing through
○ cookies
○ pixels
○ other online trackers may therefore constitute a "sale" under the CCPA
Ask Yourself
● Is there a service provider/contractor agreement?
● Did the employee direct the transfer of personal information?
● Is the personal information being transferred only to alert a third party that the employee has submitted an opt-out request regarding the sale of their personal information?
● Is the personal information being transferred as part of a merger, acquisition, bankruptcy, or similar transaction?
What is a "share"?
● Is the California resident's personal information being disclosed to a vendor for cross-context behavioral advertising?
○ Cross-context behavioral advertising: targeting ads to a consumer based on the consumer's personal information obtained from the consumer's activity across businesses, websites, apps, or other services
17
CCPA in the News
Beauty Products Company Fined $1.2 Million in California Attorney General's First CCPA Enforcement Action
● On August 24, 2022, the Office of the Attorney General (OAG) announced its first settlement under the CCPA, with Sephora, alleging that the company failed to:
○ Disclose to consumers that it was selling their personal information
○ Process opt-out-of-sale requests submitted via user-enabled global privacy controls
○ Provide a clear and conspicuous "Do Not Sell My Personal Information" link enabling consumers to opt out of the sale of their personal information; and
○ Provide two or more designated methods for submitting requests to opt out.
● The OAG also alleged Sephora violated California's Unfair Competition Law by "making false or misleading statements of facts concerning Defendant's sale of consumers' personal information and unfairly depriving consumers of the ability to opt-out of this sale."
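The settlement above turned in part on browser opt-out signals that were never acted on. As an added illustration (not code from the deck, from TrustArc, or from the enforcement action), the following Python sketch shows the server-side check a practitioner would want: read the `Sec-GPC: 1` request header defined by the Global Privacy Control specification, persist the opt-out before deciding which third-party tags may load, and keep loading only vendors bound by a service-provider contract. The consent store, the tag catalogue, the subject IDs and the audit log are constructed stand-ins for a real consent system.

```python
"""Honoring a Global Privacy Control (GPC) opt-out signal before any tracker fires.

Added example, not from the webinar deck. The only external fact it relies on
is the GPC specification's request header, ``Sec-GPC: 1``, which a browser
sends when the user has enabled the control. ConsentStore, TAG_CATALOGUE and
the subject IDs are constructed stand-ins for a real consent system.
"""
from dataclasses import dataclass, field

GPC_HEADER = "sec-gpc"  # header name from the GPC spec; compared case-insensitively


def gpc_signal_present(headers: dict) -> bool:
    """Return True only for an exact ``Sec-GPC: 1``.

    Anything else (absent header, "0", "true", empty string) is treated as
    no signal, so a malformed value never silently flips a user's choice.
    """
    for name, value in headers.items():
        if name.lower() == GPC_HEADER:
            return value.strip() == "1"
    return False


# Constructed tag catalogue. A vendor bound by a service-provider contract is
# not a "sale" or "share"; a third-party ad pixel with no such contract is.
TAG_CATALOGUE = {
    "site-analytics": {"service_provider_contract": True},
    "ad-pixel": {"service_provider_contract": False},
}


@dataclass
class ConsentStore:
    """In-memory stand-in (assumed) for the consent/preference system."""

    do_not_sell_or_share: set = field(default_factory=set)
    audit_log: list = field(default_factory=list)

    def record_opt_out(self, subject_id: str, source: str) -> None:
        """Record an opt-out and the channel it arrived through (gpc, web form, ...)."""
        if subject_id not in self.do_not_sell_or_share:
            self.do_not_sell_or_share.add(subject_id)
            self.audit_log.append({"subject": subject_id, "source": source})

    def may_sell_or_share(self, subject_id: str) -> bool:
        return subject_id not in self.do_not_sell_or_share


def tags_to_load(headers: dict, subject_id: str, store: ConsentStore) -> list:
    """Decide, per request, which tags may load.

    Order matters: the GPC header is evaluated and persisted before the tag
    decision, so the opt-out applies to this very page load. A later request
    without the header does not re-enable sharing; only an explicit user
    action should do that.
    """
    if gpc_signal_present(headers):
        store.record_opt_out(subject_id, source="gpc")
    allowed = store.may_sell_or_share(subject_id)
    return [
        name
        for name, meta in TAG_CATALOGUE.items()
        if meta["service_provider_contract"] or allowed
    ]


if __name__ == "__main__":
    store = ConsentStore()
    print(tags_to_load({"Sec-GPC": "1"}, "emp-001", store))  # ['site-analytics']
    print(tags_to_load({}, "emp-001", store))                # still ['site-analytics']
    print(tags_to_load({}, "emp-002", store))                # ['site-analytics', 'ad-pixel']
```

The design choice worth noting is that the header is consumed before any tag decision and that its absence on a later request never undoes a recorded opt-out; a web-form or email request would call `record_opt_out` with a different `source`, giving the "two or more designated methods" an auditable trail.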
18
CCPA in the News
What Happened?
● Sephora installed third-party software on its website and app to track online consumer activity; the OAG notably called this "commercial surveillance."
● The OAG asserted the software could track all types of data and could build behavioral profiles of users, allowing Sephora to more effectively target potential customers.
○ Because Sephora made this data available to the vendors in exchange for their services, the OAG treated the exchange as a sale: Sephora benefited from "other valuable consideration" under the CCPA's definition of "sale".
● The OAG also asserted that no valid service-provider contracts were in place. A contract that limits a tracking vendor's processing to the business's own purposes is what establishes the vendor as a "service provider" under the CCPA, and that is one exception to "sale".
● What's next? The CPRA may raise the risk of online tracking activities further, adding to the right to opt out of the sale of personal information a right to opt out of the transfer of personal information to a third party for cross-context behavioral advertising.
19
Let’s Talk Red Flags in Vendor Management
● PEOs, Staffing Agencies, and Benefit/Insurance Providers
○ Who owns the data?
○ Can we use “Joint-Controller” ?
● Contracts
○ Provisions that consider when service providers end up combining personal
information?
○ Challenging requirements and provisions?
○ Granting and enforcing rights to audit / vendor assessment
● What Guidance is needed in a future rulemaking package?
○ Sensitive Personal Information
○ Business Purposes
● Practical Solutions
● Predictions for 2023
20
Harmonization with Other State Frameworks
21
Harmonizing CCPA Requirements with Other Jurisdictions
The Other States
● Colorado - Colorado Privacy Act (CPA):
○ Goes into effect July 1, 2023
○ To be covered by the law, the "controller" must (i) conduct business in the State of Colorado or deliver products or services targeted to Colorado residents, (ii) determine the purposes and means of processing personal data, and (iii) satisfy at least one of the following requirements:
■ controls or processes the personal data of 100,000 or more Colorado residents per year
■ or derives revenue (or receives a discount on goods or services) from the sale of personal data and controls or processes the personal data of 25,000 or more Colorado residents.
● Connecticut - Connecticut Data Privacy Act (CTDPA):
○ Goes into effect July 1, 2023
○ To be covered by the law, the "controller" must conduct business in Connecticut or produce products or services that are targeted to residents of Connecticut and, during the preceding calendar year, either:
■ control or process the personal data of at least 100,000 Connecticut residents (excluding data processed solely to complete a payment transaction),
■ or control or process the personal data of at least 25,000 Connecticut residents and derive over 25 percent of gross revenue from the sale of personal data.
22
Harmonizing CCPA Requirements with Other Jurisdictions
The Other States
● Virginia - Virginia Consumer Data Protection Act (VCDPA):
○ Goes into effect January 1, 2023
○ To be covered by the law, the "controller" must conduct business in Virginia or produce products or services that are targeted to residents of Virginia and, during a calendar year, either:
■ control or process the personal data of at least 100,000 Virginia residents, or
■ control or process the personal data of at least 25,000 Virginia residents and derive over 50 percent of gross revenue from the sale of personal data.
● Utah - Utah Consumer Privacy Act (UCPA):
○ Goes into effect December 31, 2023
○ To be covered by the law, the "controller" must conduct business in Utah or produce products or services that are targeted to residents of Utah, have annual revenue of $25 million or more, and, during a calendar year, either:
■ control or process the personal data of at least 100,000 Utah residents, or
■ control or process the personal data of at least 25,000 Utah residents and derive over 50 percent of gross revenue from the sale of personal data.
23
How to Prepare and to Operationalize for
CPRA
24
How to Prepare/Operationalize for CPRA
● Data Inventory
● Operationalize Vendor Management
○ Contract templates for the three categories of vendors (service provider, contractor, third party)
○ Conduct assessments via either third-party vendors or internal audits (Regulations § 7051 (a)(7) & (c))
○ Ensure the ability to test consent systems and to verify that opt-out requests are actually processed
● Update Privacy Notices (Internal/External)
○ Evaluate when notice is not needed for the sensitive PI collected (§ 7027 (m))
● Record Retention Practices
● Consult Counsel
● Find Tech-Enabled Privacy Solutions that Cover What You Need
● Update Employee Trainings
● Security Issues
● Show Good Faith by Being Proactive (§ 7301)
25
What Further Rulemaking is Needed
● Further guidance on sensitive personal information
● Further guidance on business purposes
● Further guidance on requirements to provide notice
● Geolocation data collected on company devices
● Harmonizing business obligations to respond to and honor consumer requests
● Other?
26
Interested in TrustArc Solutions for CPRA?
27
Attendee Q&A
28
Thank You!
See http://www.trustarc.com/insightseries for the 2022
Privacy Insight Series and past webinar recordings.
If you would like to learn more about how TrustArc can support you with
compliance, please reach out to sales@trustarc.com for a free demo.

How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 

Future-Proof Your Workplace Privacy Approach for CPRA and Beyond

  • 1. Future-Proof Your Workplace Privacy Approach for CPRA and Beyond
    © 2022 TrustArc Inc. Proprietary and Confidential Information.
  • 2. Speakers
    ● Jerel Pacis Agatep, Associate, Data Privacy & Workplace Monitoring, BakerHostetler
    ● Andrew Scott, Global Privacy Manager, TrustArc
    ● Joseph J. Lazzarotti, Privacy, Data Security and Social Media Practice Group Leader, Jackson Lewis P.C.
  • 3. Legal Disclaimer
    The information provided during this webinar does not, and is not intended to, constitute legal advice. Instead, all information, content, and materials presented during this webinar are for general informational purposes only.
  • 4. Agenda
    ● CCPA Overview and its Impact on Employee Personal Information
    ● What changes to look for in Service Agreements with Vendors (e.g., PEOs, Staffing Agencies, and Benefit/Insurance Providers)
    ● Harmonization with Other State Frameworks
    ● How to Prepare/Operationalize for CPRA
    ● Questions & Answers
  • 5. CPRA Overview and Its Impact On Employee Personal Information
  • 6. Potential Impacts on Organizations
    ● Compliance with CCPA
      ○ Fines for non-compliance
    ● Optics
      ○ More opportunities to build or lose trust with brand
    ● Employee Confidence
      ○ Providing employees with confidence to raise complaints without retaliation
      ○ Making employees aware of their rights and security of their data
    ● Increased Cross-Functional Collaboration
      ○ Communication must increase between Legal, HR, and Technology Departments regarding privacy matters (e.g., understanding automated employment decisions, increased training with responding to complaints/requests)
    ● Impacting In-House Resources
      ○ Need to reassess data flows, consult outside counsel, seek new technical solutions, implement new controls, regularly assess the effectiveness of the controls, and create new roles
    ● Corporate Governance
      ○ Increased need to establish a privacy stakeholder and consider privacy not as a cost but as core business strategy
    ● Global Regulatory Environment (Interoperability)
  • 7. CCPA, CPRA, and CPPA Overview
    ● CCPA
      ○ What does it stand for? California Consumer Privacy Act of 2018
      ○ Origins: California State Law – Legislative Action
      ○ Intent: Intended to enhance privacy rights and consumer protection for residents of California
      ○ Effective: January 1, 2020 – July 1, 2023
    ● CPRA
      ○ What does it stand for? California Privacy Rights Act of 2020
      ○ Origins: California State Referendum – Voter Action
      ○ Intent: CCPA amendment that addresses issues and gaps created by initial CCPA
      ○ Effective: January 1, 2023
    ● CPPA
      ○ What does it stand for? California Privacy Protection Agency
      ○ Origins: Established through the CPRA
      ○ Intent: Consists of a 5 Member Board that directs an Agency on matters of enforcement, regulations, education
      ○ Effective: January 1, 2023
  • 8. CCPA’s Definition of Personal Information
    CCPA Section 1798.140 (v) (1): “ ‘Personal information’ means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household: . . . (I) Professional or employment-related information. …”
    *Personal Information does not include consumer information that is deidentified or aggregate consumer information or publicly available information or lawfully obtained. See CCPA Section 1798.140 (v) (2)-(3).
  • 9. Employment-Related Information is Personal Information
    “ ‘Employment-related information’ means personal information that is collected by the business about a natural person for the reasons identified in Civil Code section 1798.145, subdivision ([m])(1). The collection of employment-related information, including for the purpose of administering employment benefits, shall be considered a Business Purpose.” CCPA Regulations (recently renumbered): Section 7001 (k).
    This could include job applicant, employee of, owner of, director of, officer of, medical staff member of, or independent contractor. See CCPA Section 1798.145 (m)(1).
    CCPA Business Purpose: Section 1798.140 (e): A Business Purpose means the use of personal information for the business’ operational purposes, or other notified purposes, or for the service provider or contractor’s operational purposes, as defined by the regulations.
  • 10. Why are we just now talking about Employment-Related Information?
    ● June 2018: AB 375 Signed – Establishes CCPA
    ● October 2019: AB 25 Signed – Exempts Employment Personal Information & B2B Information until 1/1/21
    ● January 2020: CCPA Operative
    ● July 2020: CCPA Enforcement Authority
    ● September 2020: AB 1281 extends Employment Personal Information & B2B Exemption until 1/1/23
    ● November 2020: CPRA Approved by California voters
    ● August 2022: Extension for Exemptions of Employment PI & B2B Did Not Pass
    ● January 2023: CPRA Operative
    ● July 2023: CPRA Enforcement Authority
  • 11. Employee Rights Under CPRA
    1. Right to access
    2. Right to correction
    3. Right to deletion
    4. Right to opt out of the sale or share of data
    5. Right to limit the use of sensitive personal information
    6. Right to no retaliation
    Previously under CCPA, personal information collected in the employment context was not subject to certain CCPA requirements, including CCPA Rights (i.e., Right to Know, Delete, Opt-Out of Sale, Nondiscrimination). Under CPRA, employees now have full consumer rights.
  • 12. Balancing CPRA with Other California Employment Laws
    Right to Know
    ● The California Labor Code has several laws affording workforce members the “right to know” certain types of workforce member information the employer has collected, including but not limited to
      ○ (1) Personnel File (Cal. Labor Code § 1198.5)
      ○ (2) All Documents Signed (Labor Code § 432) and
      ○ (3) Payroll Records (Labor Code § 226).
    ● However, the CCPA, amended by the CPRA, may be broader in scope and may have new and different obligations for employers that do not exist under the current Labor Code, including possible additional PI in scope (e.g., geolocation, biometric, internet activity, inferences drawn, etc.) and different timelines for compliance with a workforce member’s request.
    Right to Delete
    ● Employers should assess federal, state and local retention requirements pertaining to workforce member PI, including but not limited to the Age Discrimination in Employment Act, the Americans with Disabilities Act, the Civil Rights Act of 1964 (Title VII), the Fair Labor Standards Act, the Family Medical Leave Act, the Occupational Health and Safety Act, California Government Code § 12946, and California Labor Code § 226 to determine potential exemptions to a deletion request under CCPA §1798.105 (d)(8)’s “to comply with a legal obligation.”
    Right to Opt Out of Sale or Share
    ● Employers should not only reassess their disclosure agreements with vendors but also ascertain whether their vendors are service providers, contractors or third parties under the CPRA, as disclosure of workforce member PI may be viewed as a “sale” under certain circumstances.
  • 13. Exemptions Impact on CPRA
    ● More than two times in a 12-month period
    ● “Disproportionate effort”
    ● Conflict with federal/state law
    ● Fraud/abuse
    ● Right to correct
      ○ Accuracy
    ● Right to delete
      ○ Archives and back up
      ○ Deidentified/aggregate
    ● Right to limit
    ● Attorney client privilege (?)
  • 14. What changes to look for in Service Agreements with Vendors (e.g., PEOs, Staffing Agencies, and Benefit/Insurance Providers)
  • 15. Identify Your Vendors
    ● Service Provider: “A person that processes personal information on behalf of a business and that receives from or on behalf of the business consumer’s personal information for a business purpose…” (CCPA 1798.140 (ag)(1))
      ○ Must have Contract Requirements in place pursuant to CCPA 1798.140 (ag)(1) & §7051
        ■ Prohibition on contracting for Cross-Contextual Behavioral Advertising or Combining Personal Information from other sources
        ■ Use Limitation, Purpose Limitation, Disclosure Limitation, and Grant Right to Audit
    ● Contractor: “A person to whom the business makes available a consumer’s personal information for a business purpose…” (CCPA 1798.140 (J)(1))
      ○ All contractual prohibitions under “Service Provider,” including §7051
      ○ Certification from contractor that contractor understands the required contractual prohibitions and will comply with them
    ● Third Party: “Is neither a service provider, contractor, nor a business with whom the consumer intentionally interacts and that collects personal information from the consumer as part of the current interaction with the business.” (1798.140 (ai))
      ○ Likely combines non-public data from multiple sources
      ○ Grants right to the business to take reasonable and appropriate steps to ensure consistent use of data under CCPA and the regulations
  • 16. What is a “sale”?
    Is a California employee’s personal information being disclosed to a vendor for “monetary or other valuable consideration”?
    ● Monetary Consideration = Money
    ● Other valuable consideration = other “valuable” exchanges, such as swapping services for personal information
      ○ cookies
      ○ pixels
      ○ other online trackers may constitute a “sale” under CCPA
    Ask Yourself
    ● Is there a service provider/contractor agreement?
    ● Did the employee direct the transfer of personal information?
    ● Is the personal information being transferred to alert a third party that the employee has submitted an opt-out request regarding the sale of their personal information?
    ● Is the personal information being transferred as part of a merger, acquisition, bankruptcy, or similar transaction?
    What is a “share”?
    ● Is the California resident’s personal information being disclosed to a vendor for cross-contextual behavioural advertising?
      ○ Cross-contextual behavioural advertising – targeting ads to a consumer based on the consumer’s personal information obtained from the consumer’s activity across businesses, websites, apps, or other services
  • 17. CCPA in the News
    Beauty Products Company Fined $1.2 Million in California Attorney General’s First CCPA Enforcement Action
    ● On August 24, the Office of the Attorney General (OAG) announced its first settlement under the CCPA, alleging that a company failed to:
      ○ Disclose to consumers that it was selling their personal information
      ○ Process user requests to opt out of sale via user-enabled global privacy controls
      ○ Provide a clear and conspicuous “Do Not Sell My Personal Information” link enabling consumers to opt-out of the sale of their personal information; and
      ○ Provide two or more designated methods for submitting requests to opt-out.
    ● The OAG also alleged Sephora violated California’s Unfair Competition Law by “making false or misleading statements of facts concerning Defendant’s sale of consumers’ personal information and unfairly depriving consumers of the ability to opt-out of this sale.”
  • 18. CCPA in the News
    What Happened?
    ● Beauty Products Company installed third-party software on its website and app to track online consumer activity – the OAG notably called it “commercial surveillance.”
    ● The OAG asserted the software could track all types of data and could build behavioral profiles of users, allowing Sephora to more effectively target potential customers.
      ○ By receiving this data, Sephora engaged in selling – benefitting from “other valuable consideration” in the CCPA’s definition of “sale”.
    ● The OAG also asserted there were no valid service-provider contracts in place, which is one exception to “sale” – contractually limiting the third-party tracking companies to processing requirements to establish them as “service providers” under the CCPA.
    ● What’s next? CPRA may provide more risk to online tracking activities – bringing the right to opt out of the sale of personal information AND of the transfer of personal information to a third party for cross-context behavioral advertising
  • 19. Let’s Talk Red Flags in Vendor Management
    ● PEOs, Staffing Agencies, and Benefit/Insurance Providers
      ○ Who owns the data?
      ○ Can we use “Joint-Controller”?
    ● Contracts
      ○ Provisions that consider when service providers end up combining personal information?
      ○ Challenging requirements and provisions?
      ○ Granting and enforcing rights to audit / vendor assessment
    ● What Guidance is needed in a future rulemaking package?
      ○ Sensitive Personal Information
      ○ Business Purposes
    ● Practical Solutions
    ● Predictions for 2023
  • 20. Harmonization with Other State Frameworks
  • 21. Harmonizing CCPA Requirements with Other Jurisdictions – The Other States
    ● Colorado – Colorado Privacy Act (CPA):
      ○ Goes into effect July 2023
      ○ To be covered by the law, the “controller” must (i) conduct business in the State of Colorado, (ii) determine the purposes and means of processing personal data; and (iii) satisfy at least one of the following requirements:
        ■ controls or processes the personal data of more than 100,000 Colorado residents per year
        ■ or derives revenue from selling the personal data of more than 25,000 Colorado residents.
    ● Connecticut – Connecticut Data Privacy Act (CTDPA):
      ○ Goes into effect July 2023
      ○ To be covered by the law, the "controller" must conduct business in Connecticut or produce products or services that are targeted to residents of Utah and, during the preceding calendar year, either:
        ■ during a calendar year, control or process data for at least 75,000 Connecticut residents,
        ■ or control or process personal data of at least 25,000 Connecticut residents and derive over 25 percent of gross revenue from the sale of personal data.
  • 22. Harmonizing CCPA Requirements with Other Jurisdictions – The Other States
    ● Virginia Consumer Data Protection Act (VCDPA):
      ○ Goes into effect January 2023
      ○ To be covered by the law, the "controller" must conduct business in Virginia or produce products or services that are targeted to residents of Virginia and either:
        ■ during a calendar year, control or process data for at least 100,000 Virginians or
        ■ control or process personal data of at least 25,000 Virginia residents and derive over 50 percent of gross revenue from the sale of personal data.
    ● Utah – Utah Consumer Privacy Act (UCPA):
      ○ Goes into effect December 2023
      ○ To be covered by the law, the "controller" must conduct business in Utah or produce products or services that are targeted to residents of Utah and either:
        ■ during a calendar year, control or process data for at least 100,000 Utah residents, or
        ■ control or process personal data of at least 25,000 Utah residents and derive over 50 percent of gross revenue from the sale of personal data.
  • 23. How to Prepare and to Operationalize for CPRA
  • 24. How to Prepare/Operationalize for CPRA
    ● Data Inventory
    ● Operationalize Vendor Management
      ○ Contract Templates for the Three Categories of Vendors
      ○ Conduct Assessments via either Third Party Vendors or Internal Audits (§ 7051 (a)(7) & (c))
      ○ Ensure Ability to Test Consent Systems and That Opt-Out Requests are Processed
    ● Update Privacy Notices (Internal/External)
      ○ Evaluate when Notice is Not Needed when Sensitive PI is Collected (§ 7027m)
    ● Record Retention Practices
    ● Consult Counsel
    ● Find Tech-Enabled Privacy Solutions that Cover What You Need
    ● Update Employee Trainings
    ● Security Issues
    ● Show Good Faith by Being Proactive (§7301)
  • 25. What Further Rulemaking is Needed
    ● Further Guidance on Sensitive Personal Information
    ● Further Guidance on Business Purposes
    ● Further Guidance on Requirements to Provide Notice
    ● Geolocation Data Collected on company devices
    ● Harmonizing Business obligations to respond to and honor consumer requests
    ● Other?
  • 26. Interested in TrustArc Solutions for CPRA?
  • 28. Thank You! See http://www.trustarc.com/insightseries for the 2022 Privacy Insight Series and past webinar recordings. If you would like to learn more about how TrustArc can support you with compliance, please reach out to sales@trustarc.com for a free demo.