The Top Privacy Resolutions to make 2022 Your Most Successful Year
1. 1
1
Thank You for Joining Us.
“The Top Privacy Resolutions to make 2022 Your Most Successful Year”
• We will be starting a couple minutes after the hour
• This webinar will be recorded and the recording and slides will be sent out later today
• Please use the GoToWebinar control panel on the right hand side to submit any questions
for the speakers
5. 5
5
Agenda
• The principal regulations to keep an eye on
• The top focuses for privacy leaders in 2022
• How to set your privacy priorities for the year and build an action plan
7. 7
7
US State Laws – Upcoming Enforcement
Colorado Privacy Act (CPA)
•Enforced: July 1, 2023
•Differentiator: Sensitive Data includes citizenship and immigration status
•Differentiator: Duty to avoid secondary use outside notified purpose and intent
California Privacy Rights Act (CPRA)
•Enforced: January 1, 2023
•Differentiator: Sensitive Data defined and includes SSN, drivers license
•Reminder: As of January 1, 2023, B2B and Employee personal data in scope
Virginia Consumer Data Protection Act (VCDPA)
• Enforced: January 1, 2023
• Differentiator: Sensitive Data includes citizenship and immigration status
• Differentiator: Right to opt out of targeted advertising, the sale of personal data, or profiling
8. 8
8
Key Privacy Laws Passed Around the World
S. Africa Protection of Personal Information Act (POPIA)
•Enforced: June 21, 2021
•Differentiator: Need authorization from regulator to process Sensitive Data
•Differentiator: Does NOT apply to offering goods and services outside S. Africa
China Personal Information Protection Law (PIPL)
•Enforced: November 1, 2021
•Differentiator: No concept of processing personal data based on legitimate interest
•Differentiator: Consent as a legal basis for processing personal data is paramount
Saudi Arabia Personal Data Protection Law (PDPL)
•Enforced: March 22, 2022
•Differentiator: All data controller’s (natural and corporate and public and private) that
process personal data of a Saudi must register personal data processing activities through
SDAIA public portal
9. 9
9
Other Big Movements in 2021 - Actionable for 2022
Region Nation/Providence Activity
Europe All EU Members • Updated Standard Contractual Clauses issued (4 modules) – June 2021
• New guidance in on int’l transfers, expect change to SCCs – Nov 2021
• Update older SCCs for new versions – December 27, 2022
Europe United Kingdom • Brexit finalized
• Granted data protection adequacy status by EU
• UK GDPR essentially same as EU GDPR
N. America Canada/Quebec • Bill 64 passed
N. America USA/State Laws • 2021 active bills: AK, MA, NY, NC, OH, OK, PA, SC, VT
10. 10
10
2022 Expectations
Region Nation/Providence Activity
Asia India • Personal Data Protection (PDP) Bill proposed in 2021
• Expect Parliament passage in first-half 2022
Middle East Israel • Personal Data Protection (PDP) Bill proposed in 2021
• Expect Parliament passage in first-half 2022
Europe All EU Members • Possible changes forthcoming with ePrivacy Regulation
• Likely enforcement activities
N. America USA/States Laws • Already proposed in 2022: FL, MD, WA
• Planning on initiating legislation: AZ, CT, MN, MS
N. America USA/Federal Laws • Expect changes to HIPAA
• Privacy Shield - expect to see movement, but nothing clearly in sight
14. 14
14
Thank You!
See http://www.trustarc.com/insightseries for the 2021
Privacy Insight Series and past webinar recordings.
If you would like to learn more about how TrustArc can support you with
compliance, please reach out to sales@trustarc.com for a free demo.