From new ESG regulations to a crackdown on bribery, rapid fluctuations in crypto currency, changes to the regulated sector and the ongoing conflict in Europe demanding a laser-like focus on the supply chain, 2023 looks set to demand even more from compliance professionals.

We have created an in-depth guide to everything compliance in 2023. The guide covers the top ten items you can expect to see in your regulatory inbox, with tips on next steps.

Continue reading
Data Privacy knowledge check screenshot

VinciWorks has released a new five minute course to help organizations test their staff’s data privacy knowledge. The knowledge check has also been added to our data privacy training suite. Knowledge checks consist of different scenarios to help employees understand which course of action to take in different situations. We recommend knowledge checks are added to existing data privacy training plans as a refresher course.

The five minute data privacy knowledge check covers:

  • What counts as personally identifiable information (PII) and best practice
  • The principles of handling data
  • Scenario questions to test your ability to correctly handle certain situations
  • When and how to report a breach
  • Dealing with Confidential Disclosure Agreements (CDA) and Non-Disclosure Agreements (NDA)

Demo the course

Happy New Year! The CCPA is now in force

California Consumer Privacy Act button

What is the CCPA?

The California Consumer Privacy Act (CCPA) is one of the strictest privacy laws in the US and comes into force on January 1, 2020.

The CCPA will have a significant impact on corporate privacy rules across all sectors of technology, media, entertainment and telecommunications.

The CCPA gives California residents the ability to control how businesses process their personal information. Businesses must comply with data subject requests to access or delete the data the business might hold on them. Businesses will also have to comply with requests for data subjects to opt-out of having their information shared or sold.

Continue reading

The California Consumer Privacy Act (CCPA) comes into force in January 2020 and it is important to take steps to prepare for the new legislation. Since GDPR came into force, EU consumers have developed a greater awareness of their rights pursuant to the regulations, and expect businesses to comply accordingly. The same is bound to happen in the US as the introduction of new regulations, such as CCPA, will make consumers more aware of their rights and the importance of ensuring their personal data is not mishandled.

Be prepared for:

  • Hypersensitivity from consumers regarding how their data is used
  • A stream of communications from consumers in the months following the implementation of the Act
  • Consumers misunderstanding parts of the Act and making demands which exceed the scope of the Act
  • An expectation that consumer-facing staff know the details of the Act
  • An eagerness to take action against non-compliant businesses
Continue reading
Smart phone with a symbol of a padlock on it

California Assembly Bill No. 375, also known as the California Consumer Privacy Act of 2018 (the “Act”), was approved and passed on June 28, 2018 and comes into force on January 1, 2020. Here we attempt to dissect the CCPA 2018 and help establish who actually is required to comply with the Act.

Who does the Act apply to?

The Act applies to any business, partnership, company, corporation or other legal entity (“business”) operating for profit that collects personal information from consumers in the State of California, but only if one of the following applies to the business:

  • It acquires 50% or more of annual revenue from selling consumer information
  • It has gross annual revenue of $25m or more
  • It sells personal information belonging to at least 100,000 consumers

If a business meets one or more of the provisions above, it must comply with the Act.

Continue reading
The five data principles

The meaning of data can be as broad as any information, from health records to a lunch order. Different kinds of data are subject to different laws with varying levels of severity. Data about a person’s health, for example, is subject to a strict set of regulations known as HIPAA. Here is some guidance on protecting your clients’ and colleagues’ data through five basic data privacy rules.

Data privacy law in the US

Data privacy rules apply to any information that can be used on its own, or in combination with other clues, information, or context, to identify, contact, or locate an individual. 

Data covered by data privacy rules is any information related to a person that could be used to identify that person, either directly or indirectly.

It could be a name, photo, email address, date of birth, ethnicity, religion, financial record, medical information, or employment history. It could even be posts on social networking sites.

Different countries use different terms to describe this kind of data. In the US, it’s known as personally identifiable information (PII).

The key data principles

While specific rules on data privacy can vary by state and jurisdiction, there are some basic rules that should always be followed. You need to be aware of these because everyone in an organization is responsible for protecting the data held on employees, customers and clients.

Continue reading
Screenshot of an interactive quiz in the data privacy course

Data Privacy: Fundamentals provides all staff with a comprehensive overview of data privacy rules, policy, and legislation in the United States. The course combines short bursts of learning with practical scenarios and real-life case studies to ensure all staff know how to safely and securely work with data. Interactive scenarios test and score data privacy knowledge as you progress through the training.

A unique, experiential approach to data privacy, the Fundamentals course focuses on the practical knowledge and straightforward behaviors all staff need to know to keep data safe and secure. The course can be purchased either as a stand-alone course or as part of our data privacy training suite.

Continue reading

Globe with USA highlighted

What is the California Consumer Privacy Act (CCPA)

While EU businesses must now comply with GDPR, the majority of American based organizations are unaware of the preparation it takes to be compliant with the new privacy laws that are slowly becoming the norm. California has adopted a law similar to GDPR called the California Consumer Privacy Act, set to take effect on January 1st, 2020. Our California Consumer Privacy Act whitepaper goes into more detail about the Act and how it can affect your business.

Continue reading

California Bill No. 375, also known as the California Consumer Privacy Act, was
approved and passed on the 28th of June 2018. While it won’t come into effect until
January 1st, 2020, it is necessary for all organizations involved to have a comprehensive understanding of the law’s requirements and what is expected of them. The Act is applicable to any business, partnership, company, corporation, or legal entity that operates for the purpose of profiting as well as collects consumer’s personal information from the state of California. While The Act has certain similarities to the EU’s General Data Protection Regulation (GDPR), it’s conditions are somewhat different.

VinciWorks has published a whitepaper that explains the California Consumer Privacy Act and gives guidance on how businesses can comply with The Act.

Download whitepaper

Continue reading

Pre-GDPR consent email
Many companies sent consent emails as GDPR appraoched in May, with many others doing so in the following weeks

25 May, when the EU wide General Data Protection Regulation (GDPR) came into force, is fresh enough in our minds for us to remember the countless “are you still our friend?” emails from marketers. Many marketing professionals, managers and data protection officers will also remember the panic they faced when preparing for GDPR. As the influx of GDPR emails continued to flood in and cookie notifications started to pop up with increased regularity, skepticism started to mount amongst marketers and managers alike. Have the new regulations helped or hindered business’ sales and marketing efforts?

Your website can be accessed from around the world

US website down due to GDPR compliance
How often have you got this message when trying to access a US-based website from an EU country?

Continue reading