
New CCPA, GDPR TPRM Privacy Guidelines and Checklists from Shared Assessments

Tools Help Organizations Assess and Address Privacy Risk Across Relationships

by Corporate Compliance Insights
April 21, 2020
in GRC Vendor News
Up-to-the-Minute Privacy Guidelines and Compliance Checklists Help Organizations Demystify Statute Complexities and Execute a Phased Approach to CCPA; Updated GDPR Compliance Guidelines and Checklist Also Issued

Santa Fe, NM – The Shared Assessments Program today issued “CCPA Privacy Guidelines & Checklists,” the security and risk industry’s first comprehensive set of best practices and tools to help organizations comply with the California Consumer Privacy Act (CCPA). Concurrently, Shared Assessments issued its updated “GDPR Privacy Guidelines & Checklist.”

Complying with the still-evolving CCPA statute has proven challenging for many organizations. Senior thought leaders from 10 firms have come together with Shared Assessments’ Privacy working group to outline the key components of CCPA, providing comparisons to GDPR, to assist organizations in gaining a clearer understanding of the obligations under these rules. Confusion has arisen regarding several key aspects of this statute, such as classification requirements of providers and other third parties and processes required to manage and respond to consumer requests. Even the CCPA’s definition of what is considered a “sale” has created new and confusing compliance requirements, because any exchange involving “valuable consideration” is a potential sale, whether or not monetary value is involved.

“Regulations like the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) have triggered a convergence of third party risk management and data privacy,” notes Linnea Solem, Founder & CEO of Solem Risk Partners. “The complexity of navigating the nuances of each regulation and the operational challenges for third party relationships has generated considerable dialog within the Shared Assessments Program Privacy working group. As participants networked this past year to share ideas, best practices and pain points, the committee initiated a set of Privacy White Papers to help industry peers navigate and provide checklists to map their progress.”

“CCPA Privacy Guidelines & Checklist” provides detailed, actionable insight on:

  • Operational challenges around data collection, use, and disposal.
  • Thresholds and timelines for compliance with the regulations.
  • Exemptions and industry distinctions, such as amendments and provisions specific to finance, healthcare and retail sectors.
  • Data governance and vendor data inventories, anonymization and aggregation.
  • Best practices for navigating the complex technology and marketing/advertising digital ecosystems.
  • Detailed requirements and steps for integrating CCPA obligations into ongoing third party risk management (TPRM) programs and aligning programs to CCPA mandates using the Vendor Risk Management Maturity Model.

CCPA Checklist and Tools

The CCPA and GDPR Guidelines and Checklists can be used alone and also work in conjunction with the Shared Assessments Third Party Privacy Tools, a component in the Third Party Risk Management Toolkit. These resources provide an Implementation Guide, which is a primer for understanding how to address privacy risk in Third Party relationships. These resources are designed to be used by organizations of all sizes to assist with the project management and educational needs for addressing Third Party risk.

The Checklists help practitioners to quickly assess the state of and next step actions for vendor inventories, data classifications and governance measures, location management, program governance, policies and procedures, contract development and adherence, and risk assessment processes.

“It’s worth noting that the CCPA presents substantial new challenges even for those organizations in compliance with the European Union’s General Data Protection Regulation (GDPR), which did not address issues of online data privacy that are central to CCPA,” said Santa Fe Group CEO David J. Perez. “Such ongoing, rapid shifts in the regulatory landscape are exactly why the intelligence ecosystem of Shared Assessments has proven invaluable to organizations and risk professionals worldwide, who rely on its best practices, tools and research to ensure program compliance and navigate change.”

New Edition: GDPR Implications for Third Party Risk Management

Shared Assessments has also just released its updated “GDPR Implications for Third Party Risk Management.” This guide and best practices checklist provide important new insight into integrating GDPR requirements into TPRM programs, and an update on the operational challenges for risk management.

Longer term, as more states promote similar legislation, experts expect to see further expansion of the current regulatory checkerboard of rules surrounding data governance and management, breach notifications, and online digital privacy regulations. And as these evolve, Shared Assessments and its contributors – the privacy, risk and policy experts at leading organizations around the world – continue to provide invaluable guidance that its members and the professional risk management community rely upon worldwide.

For a copy of “CCPA Privacy Guidelines & Checklist” or “GDPR Implications for Third Party Risk Management” please visit https://sharedassessments.org/blog/ccpa-privacy-guidelines-and-checklists/

About the Shared Assessments Program

As the only organization that has uniquely positioned and developed standardized industry resources to bring efficiencies to the market for enterprise risk management for more than a decade, the Shared Assessments Program has become the trusted source in third party risk assurance. Shared Assessments offers opportunities for members to address global risk management challenges through leadership, best practices, tools, training and special interest groups. Join the dialog with peer companies and learn how you can optimize your compliance programs while building a better understanding of what it takes to create a more risk aware and resilient environment in your organization. www.sharedassessments.org


Tags: California Consumer Privacy Act (CCPA), GDPR, Third Party Risk Management