Privacy Hub
Privacy Hub

Privacy Hub by Wrangu –Solution for US Privacy Laws

Your go-to solution for Implementing US Privacy Laws into your organisation

Quick Look: US Privacy Laws

Over the last few years, several US states have passed data privacy and data breach laws which place specific regulatory requirements on private sector organisations, charities, not-for-profit bodies and governmental institutions who process personal data of individuals located in these US states. For most organisations, these requirements have led to the introduction of new processes, systems and personnel to enable them to meet their obligations. Privacy Hub by Wrangu, is a data privacy management solution that automates and harmonises the disparate activities of various teams into one seamless outcome ensuring ongoing compliance.

A look into the details of the US states laws immediately reveals several requirements of interest such as the rights of consumers which organisations are required to fulfil within specified number of days. Organisations are also required to maintain a record of processing activities, send personal data breach notifications to supervisory authorities and impacted data subjects, conduct data protection impact assessments and process personal data with appropriate safeguards.

The following US states data privacy and data breach laws are supported by Privacy Hub by Wrangu:

  • California – California Consumer Privacy Act (CCPA)
  • Illinois – Personal Information Protection Act (PIPA)
  • Nevada – Online Privacy Law (OPL)

Privacy Hub by Wrangu – Solution for US states

Data Subject Rights Requests (DSR) Module

The data subject rights requests module provides the ability for data privacy teams and consumers to raise and manage consumer rights requests allowing organisations:

  • Capture DSR request details.
  • Validate the consumers and / or agents’ identity and data subject rights requests.
  • Manage specified SLA durations to fulfil requests.
  • Have a consolidated view of all open and closed consumer rights requests received from a particular consumer over a given period of time to manage excessive request.
  • Indicate whether a DSR request should be fulfilled based on the lawful basis of processing the information and possible reasons to decline requests.
  • Request approval from a data controller to process a DSR request when acting as a data processor.
  • Confirm with consumers how they would like to receive information in response to right to access requests
  • Dynamically create action tasks for the notification of third parties when fulfilling a right to erasure or right to rectification request

Data Protection Impact Assessment (DPIA) Module

The DPIA module provides the ability to perform an initial DPIA screening questionnaire to determine if a new processing is likely to result in a high risk to the rights and freedoms of consumers and if required, conduct a full assessment for new projects, ensuring adherence to privacy by design principles. The DPIA module also provides:

  • Automatic evaluation of DPIA responses with possible concerns raised for consideration.
  • Built-in configurable risk calculation engine with risk ratings displays based on responses.
  • Configurable approval levels throughout the lifecycle of an assessment including facility to capture and monitor advice from data protection officers.

Record of Processing Activities (ROPA) Module

Comprehensive engine enabling the robust documentation of processing activities with the ability to relate a ROPA directly to services, processes or configuration items within the ServiceNow CMDB. The ROPA module also supports:

  • Capture of all data sets required to fulfil the principles of the regulation on the treatment of personal data. These principles include accountability, identifying purposes of processing, consent, limiting collection and limiting use, disclosure and retention.
  • Maintain version history for each ROPA record to support auditing and complaints management activities.
  • Flag changes in the CMDB and other sources that would suggest a need to update the ROPA including provision of adequate technical and organisational measures for the security of personal data.
  • Generate and update a ROPA from a DPIA utilising the same data set from the DPIA.
  • Automatically indicate what rights consumers can exercise against the data collected as part of this processing.

Data Breach Reporting Module

Acts as a register of all data breach incidents as they relate to personal data and facilitate the automatic determination of whether a report or notification should be sent to the Attorney General and other governmental institutions and / or affected consumers. This module also provides

  • Standard process to support data gathering to determine if the personal data breach is likely to cause relevant risk or damage to the consumers.
  • Automated data breach SLA calculator to ensure regulatory stated reporting timelines are monitored and complied with.
  • Generate and assign dynamic tasks to relevant parties in addressing data breach reporting requirements.
  • Support report creation for notification to the Attorney General and other governmental institutions and / or communication to affected consumers.
  • Ready integration with ServiceNow Security Incident Response module.

Acts as a register of all data breach incidents as they relate to personal information and facilitate the automatic determination of whether a report or notification should be sent to the Attorney General’s Office or impacted consumers. This module also provides

  • Standard process to support data gathering for number of impacted consumers, loss of unencrypted data and / or encryption keys so businesses can easily determine if notification to impacted consumers or the Attorney General’s Office is required if less than 500 data subjects are impacted or only encrypted personal data was breached without the loss of the encryption key and even where the encryption key is compromised where the compromise does not render the personal data accessible.
  • Automated data breach SLA calculator to ensure regulatory stated reporting timelines are monitored and complied with.
  • Generate and assign dynamic tasks to relevant parties in addressing data breach reporting requirements.
  • Support report creation for notification to the Attorney General’s Office or communication to data subjects.
  • Ready integration with ServiceNow Security Incident Response module.

Start accelerating your risk, privacy and security processes

Download our brochure and learn everything about:
• the effect of tailored services on your risk and privacy management
• tailor-made software for data privacy management
• the software and solutions of Wrangu

Want to see the Privacy Hub Live in action? Great! Schedule a software demo now.