It is well documented that the privacy landscape in the US is becoming more complex to navigate, especially given the passing of the Virginia Consumer Data Protection Act (CDPA) and the Colorado Privacy Act (CPA) in the first half of 2021. On top of this, new comprehensive privacy bills are still being introduced, or reintroduced, in states like New York, a theme that looks set to continue for the foreseeable future or until a federal privacy law can be agreed upon.

With the CDPA and the CPA in mind, as well as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), organizations operating in the US need to understand what data they are collecting and how it is protected under each applicable law. A foundational step in any privacy program is a data discovery and mapping exercise. With provisions varying state by state, US organizations need this exercise all the more in order to understand their obligations.

The Complexities of US Privacy Compliance for Data Discovery and Data Mapping 

The introduction of the aforementioned laws, coupled with the privacy issues raised by the Coronavirus pandemic, has brought the need for understanding your data to the forefront of people’s minds. For example, several nations, including the US and the UK, introduced mandates requiring organizations to collect the vaccination status and/or results of recent coronavirus tests from employees. Such health data is typically regarded as sensitive personal information and often this means that it should be handled with special consideration. While some of these mandates have been withdrawn, they highlighted the privacy implications of processing sensitive personal information.  

In the context of US state privacy laws, the CCPA does not explicitly define sensitive information, unlike its successor, the CPRA. The CDPA operates on an ‘opt-in’ basis, meaning that organizations must obtain consent before processing sensitive information. The CPRA operates on an ‘opt-out’ basis, giving consumers the opportunity to limit the use and disclosure of their sensitive personal information.

This is just one example of the complexities of juggling the compliance requirements of multiple US state privacy laws, and it highlights the need for organizations to perform a comprehensive data discovery and mapping exercise that centralizes and categorizes personal information as the foundation of their privacy program. Once data is found and mapped, you have a much better view of what that data is, where it lives, how it is classified, and what laws and policies apply to it.

Read the blog: How Data Discovery Enhances & Automates Your Data Map

Why is Data Discovery and Data Mapping Important?

When it comes to discovering and mapping personal data that your organization holds, you must first consider the location and format of the data. Automated data discovery solutions can scan across cloud and on-prem data sources to discover structured data and unstructured data such as that found in email, PDFs, and images.   

Delivering this data into a centralized data map helps give organizations a holistic view of their data. From there, privacy, security, and governance teams can accurately classify data across diverse sources and evaluate the appropriate policies that apply under the CCPA, CPRA, CDPA, and CPA, as well as other applicable global privacy laws.

Watch the webinar: The Automated Data Map: Your Foundation for Privacy, Security, and Governance

OneTrust data mapping automation enables organizations to unify and scale US privacy compliance efforts within a single code base that can continuously scan and monitor assets across structured and unstructured data and flag when new types of data appear in those systems. OneTrust also helps to catalog and classify all personal and sensitive personal information while tracking key attributes for regulation-specific compliance.  

To see how OneTrust can help with your compliance with US state privacy laws, or how it can help you with automated data discovery and data mapping, request a free demo and speak to one of our experts today.

