State-level momentum for data privacy legislation remains at an all-time high. Although a federal bill was recently drafted to standardize legislation, companies need to manage a range of growing state-specific requirements until that passes.

Each state-level law is unique, and each legislation may evolve as it's designed, approved, and modified. Simply understanding current data privacy requirements can be a full-time job. For example:

  • The reach of the California Consumer Privacy Act (CCPA) already in place expanded with the recent California Privacy Rights Act (CPRA). The new state legislation adds stronger rights and higher fees around the storage, use, and sale of Sensitive Personal Information (SPI).
  • The Virginia Consumer Data Protection Act (CDPA), which takes effect January 2023, expands rights to access, correct, delete, and obtain a copy of personal data provided to or collected by a company. The legislation also addresses the ability to opt-out of the processing of personal data for purposes of targeted advertising, sale, or profiling.

As laws like these multiply across states, consider the increased workload and processes required to support privacy and opt-out management according to each requirement.

Evolving sampling compliance laws
State-specific sampling compliance requires similar time-consuming maintenance. Understanding and managing evolving state-level licensing approaches resulting from the pandemic is essential for a successful sample management program.

We sat down with life sciences leaders to discuss data compliance considerations across state lines. Here are their top three recommendations to improve data compliance management:

Increase awareness
State legislations are a moving target. Sign up for state-specific mailing lists to get alerts, and collaborate with your government affairs office to help you stay ahead of evolving legislation. Professional organizations are available to share knowledge and awareness of state requirements.

Network with industry professionals
Industry organizations enable you to benchmark with colleagues in the industry to understand how others are responding to similar challenges. Industry groups that are hosted by outside legal firms can also generate helpful benchmarking and information.

Create a cross-functional compliance team
From a process standpoint, many different functions within an organization can be collecting information protected by privacy laws. Your organization may have a data governance function, but is that enough to meet the wide range of today's state-specific compliance requirements? Traditional data governance might just be keeping track of a narrow subset of all of your corporate data. Since outside rules may be changing at a faster pace than some of the internal parts of your organization, consider adding your legal team to help interpret the law.

Consider creating a core team within your company, with cross-functional representation to better understand how individual areas may impact compliance requirements across the business. It's important to have procedures, policies, and guidance in place to help direct your compliance practices. As the CRM system director at a global biotech company explained: "One of the biggest challenges is knowing who's using the data and how they're using the data. Is it being put into any systems? Is it in any systems that are hosted by third parties? There's just so much involved. So, it is very important to have that cross-functional team that understands where the data is going and how it's being used. That's really the best way you can protect your company."

Keep pace with rapidly changing compliance requirements at the state and local level with Veeva OpenData. Watch our Compliance Data demo for more information.

Attachments

  • Original document
  • Permalink

Disclaimer

Veeva Systems Inc. published this content on 09 November 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 09 November 2021 21:16:52 UTC.