Risk and compliance software and services company NAVEX Global has announced product offerings built specifically to handle citizen data rights requests such as the California Consumer Privacy Act (CCPA).
The offerings are among a growing number of tech solutions in the US, designed to help customers meet the demands of a continuously changing regulatory landscape.
In its efforts to provide customers guidance on evolving data privacy matters including CCPA, NAVEX Global has added functionality to its EthicsPoint® hotline incident management product. This new functionality will track, manage and report on data subject rights and requests.
Additionally, the company’s NAVEXEngage® training catalogue now includes a new, legally vetted CCPA training course that describes best practices related to the regulation. California law stipulates that, for certain employees, training on CCPA requirements is mandatory.
“The CCPA is a sweeping piece of legislation that will take effect in January 2020, affecting organizations who have customers who reside in California, the largest state in the U.S.,” said Shon Ramey, NAVEX Global’s General Counsel.
“Providing best-in-class solutions to manage the effects of new and shifting regulations is part of NAVEX Global’s broader mission to protect customers and help them stay ahead of regulatory and legal risk.”
The CCPA is often compared to the European Union’s General Data Protection Regulation (GDPR), which took effect in May 2018. Under CCPA, California broadly expanded the rights of consumers and required certain businesses be far more specific and transparent about how they collect, use and disclose personal information.
Under the CCPA, California consumers may request to:
- Learn what personal information is being collected and why
- Have their personal information deleted
- Obtain information about onward disclosures and, if applicable, the “selling” of their personal information
- Learn the categories of third parties with whom their data is shared, as well as from whom their data was acquired
While the CCPA takes effect early next year, enforcement will begin six months later. Many other states are considering similar legislation. In a connected world, the possibility of different regulations across the U.S., combined with variances about personal data regulations around the world, creates an increasingly complex patchwork of requirements organizations must monitor and address.
“With CCPA, GDPR and perhaps more exacting but definitely varying data privacy rules popping up in other jurisdictions, data privacy compliance has arguably never been trickier,” Ramey said.
“NAVEX Global understands that for any organization, tackling complex issues like CCPA comes down to finding the best ways to manage risk – and that starts by having the right systems in place, identifying threats, setting priorities and asking the right questions.”
The post #Privacy: More help for businesses to meet CCPA requirements appeared first on PrivSec Report.