The solution for data privacy management, tailored to fit your business needs with full support for data privacy and data breach laws in US states including California Consumer Privacy Act (CCPA), Illinois Personal Information Protection Act (PIPA), Nevada’s Online Privacy Law (OPL), New Jersey Consumer Privacy Act (NJCPA), New York Privacy Act (NYPA), Texas Consumer Privacy Act (TCPA) and Washington Privacy Act (WPA). Built on the ServiceNow platform to ensure seamless integration.
At Wrangu, we understand the challenges introduced by the various data privacy and data breach reporting laws in place in several US states and how enterprises worldwide that do business with residents of US states need to comply with these regulatory requirements.
Leveraging our extensive experience in supporting organisations with compliance with the General Data Protection Regulation (GDPR) in Europe, the US States component for Privacy Hub by Wrangu provides bespoke features and functionalities to support key requirements of the various US states laws. Enabling the US States component on Privacy Hub by Wrangu introduces new consumer rights request types (i.e. data subject rights requests), new data fields to capture required information and dynamic SLA and risk calculation logic. Visible changes can be seen on modules such as Data Subject Rights and Data Breach Management. The core functionality of the Record of Processing Activities (ROPA) and Data Protection Impact Assessment (DPIA) introduce tools to ensure adequate accountability whilst still running on the Privacy Hub best practice engine.
Our in-depth experience with privacy laws and regulations and with data privacy and risk management, means that we have unrivalled delivery capability. We offer the perfect blend of deep functional knowledge and technical expertise enabling you to manage privacy requirements.
The US States component for Privacy Hub by Wrangu has been designed as a plug in which offers quick and easy installation ensuring organisations achieve compliance within a short period. As further guidance is provided on these US regulations, ongoing maintenance of the solution is guaranteed through data driven property settings that can be readily configured, facilitating quick adoption of changes as required.
MODULES
Data Privacy Portal
Provides your data privacy team the ability to interact with all modules in a simple web-based interface as well as enables your employees to exercise and manage their rights, report potential data breaches and raise queries directly with the data privacy team.
DPO Dashboard
The DPO dashboard gives your data protection team a real-time overview of the entire organisation’s privacy activity on a single page. Provides drill down capability right down to live source data and enables flexible report creation with tailored views.
Data Subject Rights Requests (DSR) Module
The data subject rights module provides the ability for data privacy teams and data subjects to raise and manage consumer rights requests. Importantly, it captures parental consent for minors and children regarding the sale of personal information.
Highlighted features include:
- Dynamic workflows for consumer rights requests including right to know what personal information is collected, right to know what personal information is sold and to whom, right to say no to the sale of personal information and right to access personal information.
- Ability to vary SLA duration for each consumer rights requests type and indicate whether extensions are allowed. This enables organisations comply with different SLA durations based on applicable US state laws.
- A consolidated view of all open and closed data subject rights requests received from a particular data subject over a giver period of time to manage excessive request enables organisations determine the number of consumer rights requests received from a data subject over a defined period.
- Pause and on-hold button to ensure SLA durations only count when a valid request is received from the data subject.
- Open API allows capture of DSR requests from external sources
Data Protection Impact Assessment (DPIA) Module
The DPIA module relies on latest guidance from regulators and provides the ability to perform an initial DPIA screening questionnaire and if required, conduct a full assessment for new projects, ensuring adherence to privacy by design principles.
Highlighted features include:
- Automatic evaluation of DPIA responses with possible concerns raised for consideration.
- Built-in configurable risk calculation engine displays risk ratings based on responses.
- Facilitate multiple users’ completion of a single DPIA assessment.
- Configurable approval levels throughout the lifecycle of an assessment.
Record of Processing Activities (ROPA) Module
Comprehensive engine enabling the robust documentation of processing activities with the ability to relate a ROPA directly to services, processes or configuration items within the ServiceNow CMDB.
Highlighted features include:
- Capture new data points as required to ensure the completeness and ongoing relevance of the ROPA record.
- Maintain version history for each ROPA to support auditing and complaints processes.
- Flag changes in the CMDB and other sources that would suggest a need to update the ROPA.
- Generate and update a ROPA from a DPIA utilising the same data set from the DPIA.
- Indicate whether data subject rights requests should be fulfilled based on the lawful basis of processing for each category of data subject.
Data Breach Reporting
Acts as a register of all data breach incidents as they relate to personal data and facilitate the automatic determination of whether a report or notification should be sent to the Attorney General’s Office or impacted data subjects.
Highlighted features include:
- Standard process to support data gathering for number of impacted consumers, loss of unencrypted data and / or encryption keys so organisations can easily determine if notification to the data subjects or Attorney General’s Office is required if less than 500 data subjects are impacted or only encrypted personal data was breached without the loss of the encryption key and even where the encryption key is compromised where the compromise does not render the personal data accessible.
- Automated data breach SLA calculator to ensure regulatory stated reporting timelines are monitored and complied with.
- Generate and assign dynamic tasks to relevant parties in addressing data breach reporting requirements.
- Support report creation for notification to the Attorney General’s Office or communication to data subjects.
- Ready integration with ServiceNow Security Incident Response module.
Minor Release
Privacy Hub (core) 4.5 or higher
ServiceNow Rome, San Diego or Tokyo release