Prepare and Stay Compliant on GDPR & CCPA with INSZoom!

Posted by: Lawrence D'souza | Date: January 27, 2020

Data privacy is and has always been important. Most of the times data privacy is only associated with private information like account number, contact number, contact address, social security number, passwords, emails etc. People protect this information to prevent identity thefts. But for businesses, data privacy goes beyond that. It includes information that helps firms grow and operate, such as customer records, process documents, financial information. As more data is getting digitized, data privacy is gaining more importance. Customers expect data privacy and now it’s equivalent to a consumer’s trust in a company. Laws and regulations such as GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) are brought into practice to protect individual’s privacy as well as unify the way personal data is protected, stored, distributed and used.

Gartner (Source: Gartner Report – April 2019) expects that by the end of 2019, more than 30 percent of technology providers’ new software investments will shift from cloud-first to cloud-only and through 2022, the market size and growth of the cloud services industry at nearly three time the growth of overall IT services. With increase in cloud usage, data becomes accessible from anywhere and anytime. In order to protect your customers’ sensitive information, your firm must embrace a culture of privacy.

We at INSZoom take data privacy and security very seriously. INSZoom, Inc. is a Privacy-by-Design company and possesses ISO/IEC 27001 certification. We are committed to supporting our customers’ trust and confidentiality in their case management work on behalf of their clients. We continue to review and act accordingly to changes in this regulation and serve our customers as they strive to do the same. We work on utilizing the latest in technology and devoting ourselves to best practices ensuring that your data is always secure and always available.

With SaaS applications like INSZoom, responsibility to protect your customer’s data is a shared responsibility of you as a firm and cloud platform provider (INSZoom). GDPR and CCPA provide different rights to individuals such as the right to access, right to delete, right to restrict processing, right to portability and several others. The key here is identifying and setting up your responsibilities, processes, INSZoom application and any other tools from your ecosystem that can enable you to manage these regulations and provide trust to your customers.

INSZoom has multiple features that can aid you in data security and privacy procedures. Here are some key features,

  1. e-Consent module-Allows you to define and take user consent for Terms of use, Terms of Service during the case lifecycle.
  2. User access and role management –Manage your firm users and what level of access they can have to the data.
  3. Foreign National (FN) and Human Resources (HR) Portals –Provide secured data access to your foreign nationals and corporation contacts.
  4. Multi-factor Authentication (MFA) – Enable more than one mode of user authentication to ensure right user has access to the data
  5. Single Sign-On (SSO) – Apply your network authentication or access management to access INSZoom data. Provide this ability to your corporation customers as well.
  6. Policy and Guidelines Module –Publish your general and corporation client specific policies on HR and FN portals.
  7. Use INSZoom as your single record management system to reduce complexity and size of managing compliance.

How can a firm prepare for GDPR and CCPA?
  1. Centralize your compliance efforts
    • Identify key business stakeholders
    • Define the core compliance team
  2. Update and maintain your privacy policy
    • Map data collected by your firm and update your privacy policy, so users understand what information you are collecting and how it’s being used. Policy must tell users what personal information is being disclosed or sold and give consumers the right to opt-out of data selling. Policy should also include a description of users’ rights.
    • Align the policy with the GDPR and CCPA regulations and disclose it to the public.
    • Update “Terms of Use” in INSZoom with your policy language. System will prompt it and collect the consent from your customer when they access the system using HR and Foreign National Portal.
    • You can subscribe to e-Consent module which allows you to manage all policy consent documents/templates. Prompt the “Terms of Service” or other consents while collecting data and documents from customer. It’s an online seamless process and system will track the consent log for you. e-Consent module allows you to notify and prompt the consent again for any changes in policy language.
    • You can also use INSZoom’s “Policy and Guidelines” feature to publish your general and corporation client specific policies on HR and FN portals.
  3. Implement and maintain reasonable security practices
    • Build and maintain inventory of all the personal data collected by your firm. Maintain data in secure environment that allows the necessary personnel to quickly and easily access user information to respond to any customer request.
    • Identify internal or external resources for information technology and data security.
    • Determine any contractual information security requirements.
    • Determine best practices for securing information collected, stored or used by the firm.
    • Regularly review internal information security practices and document them; prepare a data breach notification plan.

    With INSZoom as your record management system, your data is secured, and all measures are put in place to maintain the security and privacy of data. All you need is to define your operational procedures. Refer to the shared responsibility model explained earlier in this article.

  4. Develop a process for responding to customer requests such as access to personal data and specific pieces of information, delete personal information, opt-out of sale of personal information
    • Develop processes to address these requests. Processes should be thoroughly documented; the relevant employees should be well trained.
    • Implement templates for customer service communications.
    • Log and track requests from customers and retain copies of responses.

    With INSZoom, you can maintain all data, documents and communications of an individual in one profile. Use HR and FN portals to grant access to the requested data. You can delete the profile with just one click. Your policy document can include these procedures and using INSZoom’s e-Consent module you can convey it to customers. INSZoom has a Broadcast Module. You can mass-communicate to different groups of customers with your policies and procedures. You can also use INSZoom’s Policy and Guidelines feature to publish your general and corporation client specific policies on HR and Foreign national portals.

  5. Update vendor contracts to comply with CCPA, GDPR
    • Identify vendors or third parties that receive personal information from your business and include appropriate contract terms to address GDPR and CCPA requirements.
    • Review vendors and their privacy and data security practices.

    We have our updated privacy policies published on our website right here and in  the INSZoom application in compliance with GDPR and CCPA regulations.

  6. Train your staff on compliance
    • Offer appropriate training to your staff.
    • Prepare templates and checklists for your staff.
    • Document the training process and how compliance with your policies is evaluated for each employee.

    Establishing a robust privacy and security framework is the key to developing a long-lasting and trusting relationship with your customers and INSZoom is and will be your trusted partner in getting there successfully.

Inszoom Academy