PHOENIX--(BUSINESS WIRE)--On the heels of the Colorado Privacy Act (CPA) legislation, Truyo, the leader in truly automated consent and data privacy rights management, has launched a free adaptive privacy impact assessment (PIA) tool that will become mission critical to privacy compliance. The PIA tool will enable organizations to evaluate privacy risks and mitigation of those risks, as well as prepare for compliance under the new privacy legislation to take effect in 2023.
Currently, the General Data Protection Regulation (GDPR) requires organizations that process consumers’ personal information to complete privacy impact assessments and regular risk assessments on an ongoing basis. This will soon be a requirement under California’s Consumer Privacy Rights Act (CPRA), Virginia’s Consumer Data Protection Act (VCDPA), and the CPA if it’s signed into law. Truyo’s PIA tool enables organizations to see what personally identifiable information (PII) they have, where it is stored, where and how it is transmitted, which applications process it, and who can access it — information that is necessary for implementing privacy controls. The tool is also dynamic and adaptive, providing conditional questions based on the specific needs of the organization, as well as applicable legal, privacy and data protection risks.
“It’s very likely the Colorado Privacy Act will pass and that will mean data privacy assessments will become a requirement for companies,” said Dan Clarke, president of Truyo. “Companies will need to review their privacy procedures and they should start preparing sooner than later as this has become a 2021 agenda item. PIAs are a proactive step toward compliance and a good practice for privacy planning. As more privacy guidelines emerge, these assessments also help any organization regardless of industry or geographic exposure to know where it stands and prepare for the future.”
While the Virginia Consumer Data Protection Act does require data protection assessments, there are a number of exemptions. In Colorado, however, companies are very unlikely to be exempt.
“One of the more interesting parts of the Virginia and Colorado privacy acts is the requirement that companies complete data protection assessments. I'm frankly surprised the people that endorsed these bills in Colorado and Virginia didn't raise more red flags around the data protection assessment requirement,” said David Zetoony, Co-Chair of Greenberg Traurig’s U.S. Data, Privacy & Cybersecurity Practice. “Both states have an open-ended requirement to conduct a protection assessment anytime there is a ‘heightened risk’ of harm to the consumer. That may end up being a pretty open-ended and subjective standard; companies really don’t have proper notice as to what types of activities the attorneys general may argue require assessments. Both acts also challenge conceptual concepts of privilege when it comes to preparing legal opinions.”
The foundation of Truyo’s cloud-based privacy impact assessment tool was developed by a nationally regarded law firm with extensive privacy experience, follows the NIST standard framework, and provides fully compliant risk assessment report documents with key compliance metrics. The Truyo PIA reveals:
- personally identifiable information and how the organization collects, uses, manages and shares it;
- potential privacy risks associated with the organization’s data processing activities;
- and answers to questions that clients, vendors and auditors may have regarding privacy compliance.
“Because PIAs should be living documents that can be updated regularly as systems are changed and updated or data comes in from a new source, we made the Truyo PIA cloud-based so it can easily be revisited and accessed as needed,” said Clarke. “Assessments can also be replicated so if a new PIA needs to be created, it doesn’t require starting from scratch.”
To learn more about the Truyo privacy impact assessment (PIA) tool, visit truyo.com/assessment.
Truyo, an IntraEdge company, powered by Intel®, offers customers true consent and data privacy rights management automation. Specializing in privacy UX, Truyo has a nuanced understanding and a depth of experience in the operational delivery of privacy rights management, creating better privacy rights and consent management experiences for users and companies. Through its Truyo Privacy Platform and Health-Check Management Solutions, Truyo enables global organizations to manage complex compliance requirements, minimize risk and deliver fast ROI. For more information, visit truyo.com.
IntraEdge is a large technology talent, products, services and training organization that functions with the agility of a significantly smaller firm. We provide our clients with the resources and expertise to enhance business performance through technology. We give our people the opportunity to grow in their fields, with the freedom to excel. For more information, visit intraedge.com.