In a quickly evolving regulatory environment, it is important that privacy professionals stay abreast with the latest legislation that may affect them and their businesses. With the influx of privacy laws and regulations being drafted and passed around the world, it has become difficult for professionals to know which rules apply to them. In order to combat the struggle of trying to understand this range of compliance obligations, ISACA has created a tool to compare laws and regulations to help technical privacy practitioners more quickly determine how their enterprise can achieve compliance.
How does it work?
The Privacy Regulatory Lookup Tool was developed with a team of expert reviewers to ensure that it is thorough and effective. It utilizes Microsoft Excel® to map the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Personal Information Protection and Electronic Documents Act (PIPEDA), Lei Geral de Proteção de Dados Pessoais (LGPD), Australian Privacy Principles (APPs), Personal Data Protection Act (PDPA) and Personal Information Protection Law (PIPL) with a core set of principles developed by ISACA.
What are the core principles?
ISACA’s Privacy Regulatory Lookup Tool covers the definitions of key terms associated with a law or regulation; the scope of a law or regulation; data subject rights; enterprise requirements; data protection; data management; enforcement; and third-party considerations. Each of these principles goes further into depth about applicable topics and subtopics to streamline the comparison process. For example, the enterprise requirements principle includes sub-principles like notifications, response periods, business rights, selling data, consent, privacy policies and data protection impact assessment (DPIA).
By digging deeper into these principles and sub-principles, a more comprehensive understanding of the expectations and requirements of privacy professionals and enterprises can be reached. Breaking down these terms, laws and regulations will enable privacy professionals to achieve compliance smoothly and thoroughly.
When will it be available?
ISACA will be launching the Privacy Regulatory Lookup Tool the week of 3 July 2023. It will be available for free to ISACA members and for purchase to non-members at the following link: https://www.isaca.org/privacy-regulations-lookup-tool.
For additional privacy educational resources, visit ISACA’s privacy’s page for access to frameworks, guides, trainings and relevant certifications to bolster your career.
Note: This tool is not a substitute for legal advice, and ISACA makes no assurance that its use is sufficient to achieve compliance. Note that supplemental guidelines, enforcement actions, etc., are beyond the scope of the tool.