OneTrust, the market-defining leader for trust intelligence, announces new innovations across the Trust Intelligence Platform to help organizations responsibly use data and drive trust intelligence at scale. As companies tackle the challenges of data sprawl, OneTrust’s enhancements provide companies with the discovery, automation, and intelligence to manage data responsibly across the entire lifecycle, enable regulatory agility, and implement privacy by design. New capabilities also help organizations gain better visibility into their third parties and streamline their compliance programs.
Most organizations already recognize the intrinsic value of being a trustworthy business, but research shows that the value of trust is measurable. According to IDC1, “Prioritized investment in trust programs is significantly associated with improved business resilience, operational efficiency, and sustainability worldwide.”
“Companies want to unlock the value of trust, but they need the scalability and visibility of an integrated platform,” said Blake Brannon, Chief Product and Strategy Officer at OneTrust. “With these new capabilities, our customers have the foundation to build a resilient business and become good stewards of data – fostering trust with customers, employees, and stakeholders. Rather than reacting to constantly changing privacy, risk, and compliance requirements, we’re helping organizations differentiate with trust to drive their business forward.”
The Trust Intelligence Platform provides a single, comprehensive foundation to consolidate solutions across privacy, security, ethics, and ESG. Going beyond standalone tools and point solutions gives organizations the improved collaboration across departments and teams, centralized intelligence, and better decision-making capabilities to see the measurable benefits of trust.
OneTrust continues to enhance its privacy management, data discovery and governance, and consent and preferences solutions to enable regulatory agility and responsible use of data across the entire life cycle:
- AI-driven document classification for improved governance: Effective data governance requires full visibility into all data in the organization and where it resides. Now, OneTrust Data Discovery is becoming more intelligent by using machine learning to identify documents with sensitive data which can’t be detected through traditional pattern matching. Powerful classification capabilities identify data by its content and structure, such as sensitive data within a resume, and automatically apply a retention or deletion policy. This context, intelligence, and automation means less manual work for privacy and security teams to protect and responsibly use data across the organization.
- Streamlined Privacy by Design projects: OneTrust has added a new Projects inventory and Privacy by Design template to the assessment template library. This enables users to assess the privacy impact of internal and external products and embed privacy by design into the product or project lifecycle. In combination with Data Mapping, this template can be used to associate risks with projects in the data inventory and create relationships across other inventory objects, including assets, vendors, processing activities, and risks. With heightened scrutiny on the development of AI, this new functionality can also help assess privacy risk against AI products and projects to drive responsible AI.
- Data transfer enhancements: As organizations navigate continually evolving compliance requirements for safeguarding cross-border data transfers, OneTrust helps them more accurately and efficiently track, manage, and evaluate data transfers. Users can achieve visibility across the entire transfer lifecycle thanks to an improved cross-border map to visualize transfers, a new data graph visualization, and the ability to directly assess transfer records for risk. This enables organizations to ensure the appropriate measures have been taken, such as delivering appropriate notice to consumers, conducting transfer impact assessments, and implementing safeguards.
- Optimized consent management throughout the data lifecycle: OneTrust's consent platform has been enhanced to help organizations deliver the optimal user experience, capture consent, and manage data at scale more effectively and efficiently. Teams can now import historical data and capture new records of consent and data using forms or APIs, and integrate consent-based activation across systems including Adobe Experience Platform (AEP) and Tealium. Acting as an organization’s central consent library, OneTrust's consent and preferences solution provides enterprise-grade speed and scale to manage data throughout the lifecycle.
The global regulatory and threat landscape changes each day, requiring organizations to understand and manage a multitude of new requirements and risks. OneTrust is also announcing several new innovations designed to scale security and compliance programs, manage regulatory and reputational risk, drive effective ethics and compliance programs, and foster organizational resiliency:
- Expanded frameworks for Certification Automation: The fast-expanding compliance landscape means businesses must now navigate a growing number of frameworks and requirements. Now offering 31 frameworks across privacy and security, Certification Automation has added six new frameworks including a proprietary US State Privacy Legislations framework covering US state privacy acts: California (CCPA and CPRA), Virginia (VCDPA), Colorado (CPA), Utah (UCPA), and Connecticut (CTDPA). In addition, InfoSec coverage has been expanded to include NERC CIP, ISO 27017, ISO 27018, NIS 2, and Cyber Essentials (UK). With the ability to automate evidence collection and test once, comply many, organizations can gain efficiency at scale and better plan and report on their privacy and InfoSec programs.
- New intelligence data in the Third-Party Risk Exchange: Organizations need recent and relevant risk data to evaluate their third parties with accuracy and confidence. The OneTrust Third-Party Risk Exchange provides instant access to risk intelligence data from numerous data sources, including Supply Wisdom. Supply Wisdom brings compliance, financial, operations, location based ESG, and cyber risk data about third parties directly into the Third-Party Risk Exchange. Organizations can use this data, along with granular data from SecurityScorecard, RiskRecon, DataGuidance, and ISS Corporate Solutions, to monitor third parties over time and automate actions when risk scores change – enabling more scalable, efficient third-party management programs.
- Leverage HR data for workflows in OneTrust Disclosure Management: An employee's management hierarchy is often best positioned to manage disclosure and conflict of interest risks due to their understanding of the individual and job requirements. Implementing this manually can be time intensive and ineffective. With OneTrust Disclosure Management, organizations can now use their HR data to intelligently route disclosures to different workflows and automate the assignment of approvers within those workflows. This ensures that disclosures are sent to the appropriate individuals at the appropriate time, delivering effective risk management and reducing the need for manual intervention
- Beneficial owner screening in Third-Party Due Diligence: Regulations such as the OFAC 50% rule require organizations to verify whether beneficial owners with 50% or greater individual or combined ownership are sanctioned when screening third parties. The new Linked Entities functionality within the OneTrust Third-Party Due Diligence solution allows customers to add and screen beneficial owners against sanctions lists and adverse media concerns. Organizations now have the tools to meet regulatory expectations tied to beneficial ownership while protecting their brand against harmful third-party relationships.
1IDC, Prioritization of Trust Programs Yields Improvements on Key Business Outcomes, Doc #US50475823, March 2023