Another month means another opportunity for OneTrust to take your privacy program to the next level. In this blog post, we’ve got BitSight integrations, consumer rights requests, and an APEC CBPR comparison chart.
Organizations are increasingly reliant on outsourcing operations to third parties. With so many vendors, it can become difficult to vet, manage, and monitor those relationships. Because of this, many companies are looking at third-party risk software solutions to help them identify risky vendors and implement controls.
Vendorpedia and BitSight work together to help companies understand if the vendors that they work with are safe to do business with. With the integration, organizations can set automation triggers using BitSight Security Ratings. For example, when a BitSight Security Rating reaches a defined threshold, Vendorpedia can:
- Create a New Risk
- Trigger an Automated Assessment
- Kick Off an Incident Response Workflow
- Notify Key Stakeholders via Email
- Update Your Vendor Inventory
Consumer Rights Requests
There are two major updates with Consumer Rights Requests happening right now at OneTrust: a manual addition to Targeted Data Discovery™ data points and the ability to map custom scopes and claims to web forms through OpenID Connect (OIDC).
Imagine the ability to manually add data points to a results summary without the extra hassle of creating groups through API calls. No need to imagine. It’s here. With this functionality, users can populate their Targeted Data Discovery results summary with data from offline systems. Users can also tailor their content to be readily shared with consumers, keeping this process simple and user-friendly for all.
In addition to data points, users now can map custom scopes and claims to web forms through OIDC. We covered OIDC a bit in this blog post, but here’s a quick recap: with OIDC, consumer requests have never been so easy. This protocol allows authentication for users across websites and apps without having to own and manage password files.
With OIDC, you can map custom scopes and claims from external identity providers (IdP) that support OIDC to pre-populate web form fields. Once a data subject is authenticated by their IdP and routed to the web form, the requested information about the data subject is mapped from the IdP into the corresponding web form fields. To secure the web form entries, these fields cannot be edited once filled.
APEC CBPR Comparison Chart
OneTrust DataGuidance recently announced the addition of its APEC CBPR Comparison to its Data Transfer module. This provides a means of monitoring and understanding the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system (APEC CBPR).
The APEC CBPR system is meant to simplify personal data flows across jurisdictions. With this comparison, users can now:
- Understand, monitor, and explore the APEC CBPR system, including participant jurisdictions, benefits, and certification procedures.
- Track APEC CBPR and PRP developments, such as new Accountability Agents and participating jurisdictions.
- Understand certification requirements and processes for jurisdictions and organizations.
- Review compliance conditions and understand applicable regulations from each participating jurisdiction.
- Access detailed analyses of jurisdictional Enforcement Maps and Joint Oversight Panel Finding Reports.
- Understand Accountability Agent expectations and certification procedures.
- Compare jurisdictional requirements for key topics such as privacy notices, collection limitations, security safeguards, and uses of personal information.