Consumer awareness about data privacy is continuing to grow thanks to media focus on privacy issues and legislative events like CCPA 2.0. Even as more people pay attention to how businesses handle their data privacy, organizations still struggle to understand how poor privacy practices and low transparency can reduce customer trust and increase business risk.
To help organizations and privacy professionals realize a robust privacy program can be a differentiator, DataGrail hosted the second iteration of Outsmart Risk. The second edition of this series continued the conversation about the relationship between business risk and privacy.
The exciting hour features sessions on preparing for CCPA 2.0 (CCPA as amended by CPRA), a proactive privacy panel, and exciting integration and product offering news.
Let’s dive into the highlights.
CCPA 2.0 Incoming
Invitae Privacy Counsel Justin Trimachi joined DataGrail’s DeAndrea Salvador to discuss how top companies are building trust and preparing for CCPA 2.0 (as amended by CPRA) enforcement by going beyond compliance to get ahead of changing regulations.
To note, this webinar aired before the Superior Court of California, County of Sacramento issued an order delaying enforcement of OAL-approved CPRA regulations from March 2023 by one year, moving enforcement to March 2024.
Learn more about the CCPA as amended by CPRA and what the Superior Court’s decision means by downloading our new Official Guide to CCPA.
After giving his obligatory “these views are my own and do not represent the views of Invitae” disclaimer, Trimachi let attendees know he wasn’t giving out legal advice.
Trimachi’s experience in software engineering before becoming an attorney gives him some awesome insight into data privacy. Since joining Invitae, Trimachi updated the company’s privacy program to ensure compliance for now, and for whatever comes next.
Invitae’s mission is to empower patients to make decisions about their health through the science of genetics.
The session started with Trimachi providing a refresher on the CCPA, the CPRA, and how the two relate.
A key highlight Trimachi stresses is the CPRA’s amending of the CCPA when it comes to “sharing” data.
“The CCPA governs the use, collection, and sharing of the personal information of California residents [and] also the selling of personal information,” he says. “Which is important, because the CPRA, one of the key areas where it amends the CCPA, is it comes up with this concept of ‘sharing’ where it just talked about selling before. Sharing is when a business is sharing personal information with a third party for behavioral advertising.”
The other part of the amendment Trimachi points to is the “sunsetting of the business-to-business and employment-related personal information exemptions. Those expired as of December 31st of last year.”
Trimachi also reminds us, “We want to keep thinking CCPA compliance and not CPRA compliance, because the CPRA amended the law, but the effective statute is still the CCPA.”
Proactive Privacy Panel
Next up, FirstService Brands Privacy Manager Elizabeth Asiamah and former Slack DPO Megan Cristina joined DataGrail Privacy Consultant Merry Marwig for a discussion about privacy’s impact across organizational strategy, processes, and systems, and how privacy leaders are proactively getting ahead of business risk.
As privacy leaders in their respective spaces, Asiamah and Cristina are fantastic knowledge sources and valued members of DataGrail’s Privacy Basecamp community. Our community is a place for security, legal, and privacy professionals and executives to network with and learn from each other while collaborating on privacy’s toughest issues.
Marwig led with a question about building privacy at an organizational level. “When it comes to your privacy team’s approach to organizational strategy, processes, and systems, I’d love to know about the overarching values you lean on to drive a privacy program,” Marwig said.
“First and foremost, trust and accountability,” said Cristina. “Internally, you want your stakeholders to trust the privacy team to be a good partner, and also you want your users and customers to trust the company. That has to be a common theme throughout the program.”
Cristina added that she also focuses on transparency. “Similar to the trust value, the team needs to be transparent with their stakeholders because the privacy team works with literally every department in a company. They need to be transparent about what’s important to them, what they’re working on, et cetera,” she said. “Also, really important, the company needs to have easily understandable notices and documents so that their users and customers understand what kind of data they collect and how they use it.”
Asiamah joined the conversation noting that “there’s great importance in really having the values exercised in a privacy program mirror the values of the organization.”
“So, at FirstService,” she continued, “our values include delivering what is promised, respecting the individual, taking pride in what we do, and — as [Cristina] mentioned — practicing continuous improvement.”
“We want to ensure [our privacy programs] keep up with changes and maintain the best standards,” she explained. “As privacy leaders in the organization, that means continuously improving our knowledge through both formal and informal education and making immediate changes to the program as necessary.”
“Makes a lot of sense,” Marwig concluded. We agree.
Powering Privacy With Integrations
The final section of our webinar focused on DataGrail’s Risk Intelligence capabilities and how we help customers reduce risk and put an end to shadow SaaS in their tech stacks.
DataGrail CTO Cathy Polinsky spoke to the group about how we’re working to support the company’s vision of proactively outsmarting risk. “At DataGrail, we’re focused on empowering our customers to get ahead of privacy risk and move toward a proactive versus reactive strategy,” Polinsky noted.
“Shadow IT is real,” Polinsky said, referencing the Gartner data point above. “The resulting data sprawl makes it challenging to figure out what companies know about their personal data, their customers, and their employees. It really hinders the ability to properly safeguard that data, to manage applications, and to fulfill privacy requests, all of which open the company to more risk.”
Polinsky explained how DataGrail’s integrated approach built upon our industry-leading Integration Network powered by 2,000+ connectors supports stronger data mapping and system discovery capabilities.
“We can identify more [personal data] by using existing integrations to find new systems,” she started. “It creates this powerful flywheel. As you connect with more systems, you can use those connections to uncover more, whether it’s your SSO, your procurement, or other applications. That flywheel becomes a really powerful tool to understand and have more visibility across your entire ecosystem.”
“With our risk intelligence layer, organizations can build that comprehensive data map across their entire tech stack, which helps them uncover and eliminate more business risk,” Polinsky said.