<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=654132&amp;fmt=gif">

Colorado House Votes on SB190, Senate Reconciliation is Next

Updated 6/9/21 @ 11am: The Colorado Senate unanimously voted 34-0 on concurrence and final passage of SB190. It now heads to Gov. Polis, who will have 10 days to sign or explicitly veto it.CPA applies to businesses collecting data on more than 100,000 individuals, or those earning revenue from the data of more than 25,000 consumers. It includes standard data subject rights, an opt-out consent model with a universal opt-out mechanism, and a right to cure, all subject to normal AG rule-making and enforcement.

CPA is effective July 1, 2023 unless vetoed by the Gov. The biggest difference when compared to Virginia or CPRA is the broad requirement (with fewer exemptions) for data protection privacy assessments.

A more specific compliance issue Colorado presents, according to attorney David Zetoony, is the required data protection assessment. Such examinations are also required in the Virginia Consumer Data Protection Act, but Colorado does not exempt companies from these assessments like Virginia.

Original Post

The Colorado Privacy Act SB190 has passed the Colorado House of Representatives by a vote of 57-7. While the bill must return to the Senate for final reconciliation of amendments made by the House, it’s most likely. Unless the Governor vetos it, which is improbable, the amendments will be reconciled in the next few days.

All Posts

What is Privacy Automation?

Privacy laws and regulations have transformed the relationship between businesses and the personal data they collect from consumers. The CCPA grants privacy rights to California’s consumers, which gives them the right to request access, delete, and modify their data. Granting these rights to individuals can place a significant burden on businesses because they must know exactly what data they hold, where, and in what context, which can be an extremely complex process to unfold.

As a result of the CCPA, consumers are exercising their privacy rights more than ever. It is no longer an option for many companies to manually respond to these types of requests in an ad hoc manner, and organizations are starting to rely on technology to “automate” data subject requests. It is paramount for privacy compliance programs to have the ability to operationalize privacy rights requests, including responses across multiple business units, while accommodating high volumes of data subject requests.

Blog Image_Automation

However, automation does not have a consistent definition across modern privacy compliance programs. Automation is often deemed as the silver bullet to efficient, scalable data subject rights compliance. While automation is positioned as a key component of data subject request software, there’s a significant difference between the products with respect to what functions are actually automated.

What is the Scope of Automation?

Other privacy service providers claim full automation of specific data subject rights requests. As these providers claim to automate the consumer and data subject rights request lifecycle from intake to fulfillment, it’s critical to evaluate the process and identify gaps in the automation process.

Automated Workflows

Upon receiving a privacy request, the organization must find the data associated with the individuals and either delete or provide the consumer with their information in a readable format. Many privacy service providers claim to utilize automated workflows to streamline the fulfillment and automatically assign these tasks, while in reality the privacy personnel must manually gather the data for the tasks to be completed.

However, the other privacy service providers claim to fully automate this process, but not without customizations or buying add-ons in the process. Truyo’s standard offering includes automatic data identification and collection by utilizing multiple backend system integrations that can identify and gather data into a central location where it can be reviewed, packaged, and presented from a single location. This process is done automatically and requires no manual intervention.

Automated Data Augmentation

One of the most difficult challenges for any automated solution is the ability to automate changes to the original data sources, which is paramount when an individual requests to delete or rectify their data. While reviewing other privacy solutions, there is no indication that these solutions are capable of automating data modifications in the backend; these tasks are left for the organization’s personnel to make the appropriate changes directly to the original data source.

Through API integrations, Truyo allows organizations to automatically delete, change, or anonymize data across all connected systems with its Data Change Engine. These integrations allow Truyo the ability to retrieve relevant data through backend systems and send commands back to the data source without ever tasking an individual to implement the change.

Scalability Requires True Automation

The CCPA is only the beginning in the United States, and it sets the bar high for other privacy laws and regulations. As more consumers are aware of data privacy, organizations will see an increase in data subject requests. Enterprise organizations with a large volume of data subject requests need a solution that can reduce the time and cost necessary to comply with the CCPA and beyond.

True automation is critical in the next phase of growth and provides tremendous benefits, such as eliminating a significant amount of operational overhead. Truyo provides true end-to-end automation in data identification, retrieval, and data changes, which is a major operational advantage over other privacy service providers that only offer automated task assignment.

Any privacy solution that requires manual intervention at any point in the intake and fulfillment process will produce significant time and cost expenditures as consumer requests increase and/or the number of systems increase. There are multiple data subject request solutions available on the market, and each takes a unique approach to tackle privacy compliance.

Choose a provider that fully automates data subject request. Truyo, powered by Intel®, offers true end-to-end automation without requiring you to purchase additional products in the process. In addition, Truyo provides superior support with one point of contact, making for an enjoyable experience from project approval to go-live. Contact us to learn more

Monique Becenti
About Monique Becenti
Monique Becenti is the Product Marketing Manager at Truyo. She has deep technical knowledge in technology with an emphasis on data privacy.
Recent Posts

Colorado House Votes on SB190, Senate Reconciliation is Next

Updated 6/9/21 @ 11am: The Colorado Senate unanimously voted 34-0 on concurrence and final passage of SB190. It now heads to Gov. Polis, who will have...

4 Tips for Choosing the Right Privacy Tool

First, there was technology, then came the data collection. As that technology rapidly grew more intelligent and pervasive, so too did the data. As th...

The California Privacy Protection Agency Is Not Wasting Time

In a meeting agenda released today, the California Privacy Protection Agency made it clear that they are going to move quickly and start implementing ...

Update: Senate Vote on Colorado Privacy Act is In

The Colorado State Senate has unanimously passed the Colorado Privacy Act which will now move to the State Assembly for voting. The current session co...