Available Privacy Modules
TerraTrue currently offers five built-in privacy modules:
- GDPR (General Data Protection Regulation)
- CPRA (California Privacy Rights Act)
- VCDPA (Virginia Consumer Data Protection Act)
- CPA (Colorado Privacy Act)
- CTDPA (Connecticut Data Privacy Act)
- TDPSA (Texas Data Privacy and Security Act)
You can enable these modules org-wide, and/or choose to enable or disable them per launch, depending on the regional jurisdiction of that launch's activity.
To enable any or all of these modules, navigate to Settings > Privacy > Modules.
Understanding CPRA-specific taxonomy attributes
With the CPRA module enabled, your default taxonomies will be updated with a few new attributes:
- Data types will have an attribute called CA Breach, referring to the sorts of data that, if compromised, could give rise to liability if the data was insufficiently protected. This attribute designates which data types are subject to California’s data security requirements, since California’s data security requirements apply to fewer data types than the broader set of data privacy requirements.
- Data types will have a CA SPI attribute, referring to types of data that are subject to Californians’ right to limit the use of their sensitive personal information. For types of data that are associated with this attribute, we'll provide tailored guidance about how to comply with this right.
- Data uses will have a new attribute called ML (Machine Learning). The CPRA’s enforcement agency, the California Privacy Protection Agency, will have the authority to promulgate regulations limiting how companies can engage in automated decision-making. This attribute will help organizations flag which of their data uses pertain to automated decision-making, so that we can create the appropriate recommendations for when those regulations later get issued.
- Your taxonomies will have new Data Type CA Categories, as defined in the CPRA. These include the ability to designate certain data types as falling within the category of sensitive personal information or as falling within a list of types of personal information referenced elsewhere in California law. These additional categories of personal information are specified in the CPRA and will make it easier for organizations to disclose the exact categories of personal information that they are ingesting when making their privacy policy disclosures that are called for under the CPRA.
CPRA-specific taxonomy changes are automatic for TerraTrue's default taxonomy items, but you'll need to update these fields in your custom taxonomy items manually.
Scanning your launches for any compliance gaps
TerraTrue allows you to scan your completed launches and org information to get initial recommendations for complying with each of the various modules. To get started, navigate to Privacy Central > Recommendations. Select which modules you'd like to run your launches against, then click 'Scan Launches'. Open any of the recommendations to see which launches are impacted, and make any necessary changes.