- While the legislative landscape is constantly changing, organizations are struggling to stay abreast of the new obligations and understand what the laws and regulations entail.
- Companies, especially for-profit companies, are driven by sales and revenues. Data is considered a commodity. There is a long way to go with respect to changing the mindset and culture of data protection.
- It is not uncommon for privacy programs to be underfunded, de-prioritized, and understaffed because the privacy program is disconnected from the business strategy.
The privacy legislation landscape is constantly changing in the U.S. and privacy protection will become more complicated before it is simplified. Your organization should implement an integrated and holistic privacy program to simplify and streamline the compliance effort.
Impact and Result
- Organizations need to employ a systematic approach in establishing and operationalizing risk-based and right-sized privacy programs.
- Building a strong foundation is key to success: focus on fulfilling core obligations such as establishing a data inventory, performing DPIAs, and responding to DSARs.
- Privacy and data protection can’t stand alone. Engage with your stakeholders and get buy-in as early as you can. Privacy principles should be embedded into business processes.
Research & Tools
1. Comply With 2023 US Privacy Laws Deck – Research that helps you understand the privacy obligations, assess readiness gaps, and implement privacy controls to comply with US privacy laws and regulations enacted by four states.
Compliance with privacy laws and regulations is essential for protecting personal information and maintaining the trust of customers and stakeholders. Organizations that are subject to privacy laws in the states of Virginia, Connecticut, Utah, and Colorado should take a proactive approach: implement a holistic privacy framework and avoid a fragmented, inconsistent, and ineffective one.
Comply With 2023 US Privacy Laws (Virginia, Connecticut, Utah, Colorado) Storyboard
2. US Privacy Law Scope and Readiness Assessment Tool – This tool provides a checklist for assessing the applicability of, and your compliance readiness level for, the privacy and data protection laws and regulations enacted by four US states.
This tool provides a scope assessment questionnaire for each of these privacy laws. Each questionnaire consists of questions designed to help organizations determine whether they are subject to the applicable law. It also lists privacy controls to help organizations assess gaps and determine their current privacy protection readiness level.
US Privacy Law Scope and Readiness Assessment Tool
3. Privacy Framework Tool – This tool provides you with a framework to start evaluating how to build your own privacy program.
This tool includes a gap analysis exercise in tab 2, which maps to various privacy laws and regulations such as GDPR, PIPEDA, CCPA/CPRA, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, HIPAA, GLBA, POPIA 2013, and the NIST Privacy Framework. The additional tabs assist with prioritizing the resulting projects.
Privacy Framework Tool