How do I use TerraTrue's CPRA module?

Enabling the CPRA module

  1. To enable the module by navigating to Settings > Privacy > Modules. (If you've already been using the CCPA module, it will be enabled for you by default.)
  2. Navigate to Settings > Privacy > Profile to respond to a few new questions about your organization. This information will help us provide you with CPRA-specific recommendations.

Understanding CPRA-specific taxonomy attributes

With the CPRA module enabled, your default taxonomies will be updated with a few new attributes: 

  • Data types will have an attribute called CA Breach, referring to the sorts of data that, if compromised, could give rise to liability if the data was insufficiently protected. This attribute designates which data types are subject to California’s data security requirements, since California’s data security requirements apply to fewer data types than the broader set of data privacy requirements.
  • Data types will have a CA SPI attribute, referring to types of data that are subject to Californians’ right to limit the use of their sensitive personal information. For types of data that are associated with this attribute, we'll provide tailored guidance about how to comply with this right.
  • Data uses will have a new attribute called ML (Machine Learning). The CPRA’s enforcement agency, the California Privacy Protection Agency, will have the authority to promulgate regulations limiting how companies can engage in automated decision-making. This attribute will help organizations flag which of their data uses pertain to automated decision-making, so that we can create the appropriate recommendations for when those regulations later get issued.
  • Your taxonomies will have new Data Type CA Categories, as defined in the CPRA. These include the ability to designate certain data types as falling within the category of sensitive personal information or as falling within a list of types of personal information referenced elsewhere in California law. These additional categories of personal information are specified in the CPRA and will make it easier for organizations to disclose the exact categories of personal information that they are ingesting when making their privacy policy disclosures that are called for under the CPRA.

CPRA-specific taxonomy changes are automatic for TerraTrue's default taxonomy items, but you'll need to update these fields in your custom taxonomy items manually.

Scanning your launches for CPRA gaps

TerraTrue allows you to scan your completed launches and org information to get initial recommendations for complying with the CPRA. To get started, navigate to Privacy Central > Recommendations.