Privacy Policy & Notices
Our CCPA rollout service brings the expertise to update your internal and external privacy policies to reflect CCPA compliance.
Manage Process and Change
Our CCPA rollout service team implements your CCPA compliance in 3 phases. The focus is to first mitigate enforcement risk, then security readiness, and lastly scale-up.
Privacy Rights Management
Our CCPA rollout service team deploys your privacy rights management process. This includes support to deploy intake automation, and workflow process.
Data & Security Controls Assessment
Essert conducts private action risk assessment. We use CIS 20 security controls assessment and provide the recommendations needed to mitigate security risks.
CPRA Privacy Policies & Notices
CCPA/CPRA compliance requires you to review/update your policies and notices
Our CCPA/CPRA rollout service brings the expertise necessary to update your external and internal policies to reflect CCPA/CPRA compliance. In addition to collecting the policy data, we also perform updates to your website privacy policies & terms of use, customer & vendor agreement templates, employer & contractor agreement templates, and data processing agreements. We also review and update your other external and internal policies including job applicant policy, IT/security policy, employee handbook, and internal privacy handbook if any. These policy changes may impact your overall privacy governance including structure and control, and very likely to result in a change in your incident management and response. Your business also needs an incident response plan for enforcement action and/or private action.
1
2
3
1
CCPA Roll out with managed privacy service
2
InfoSecEnforcer CCPA roll out delivers speed and lower cost of deployment
3
Update customer, partner agreements and address vendor compliance
1
2
1
Change both your external and internal privacy policies
2
Phased approach to minimize cost of implementation
Process & Change Management – CCPA/CPRA RollOut Service
CCPA privacy compliance requires some process changes and a smooth transition
Essert and its partners brings the experience to implement the new external and internal privacy policies across your business. We implement a phased program. The first phase is to roll out the basic program of policy reviews and changes. This could be a simple privacy request management rollout. The goal of the first phase is to mitigate the enforcement risk. The next phase is to focus on security and security readiness. This may include a quick assessment, implementation of a few top security recommendations, and IT/security policy changes. The goal of this phase is to prevent and manage any data breaches and the resulting private action. The third phase is to focus on scaling up. This may include data automation and improvement of request workflows. The goal of this phase is to reduce the cost of privacy operations.
Manage CCPA/CPRA Privacy Rights & Workflow
Privacy rights requests are the new normal for your business
Essert brings the system and expertise needed to implement and improve your privacy rights management process. CCPA compliance implies responding to consumer privacy requests in time whether you are an online business, retail business, or simply a b2b company. Your company needs the appropriate verification process. You may need to initiate a new authorized agent process. We provide the support you need to deliver the appropriate privacy governance & process. While incident management response plans are not new to your company, privacy-related changes need to be addressed to avoid enforcement action.
1
1
CCPA roll out must also include workflow definition and training
1
2
1
Managed privacy services as part of CCPA roll out
2
Our CCPA privacy roll out plans support all your privacy needs
Data & Security Controls for CPRA Compliance
Fortify personal information to prevent breaches and avoid lawsuits
Both enforcement risk and private action risk involve data and security of your data. The first step is to identify applications that store personal information. These could be cloud apps or internal applications. Start with writing the queries needed to get access to personal information from these apps. Essert helps follow this up with automation using a privacy API engine. A parallel step is to complete a CIS 20 security controls assessment to identify major omissions and apply top recommendations. We help prevent data breaches by focusing on the exfiltration of personal information including identifying role-based access to personal information across the company.