Vermont State Auditor Randy Brock’s report dictated that the Department of Public Safety (DPS) should seek repayment of $30,976 from three local government entities: $7,508 from the Village of Johnson; $19,650 from the Town of Norwich; and $3,818 from Rutland County Clerks Collaborative (RCCC).The Village of Johnson applied for a grant to replace equipment destroyed in a fire at the fire department building. At the same time, they acquired another reimbursement for this equipment by its insurance company and through the approval of DPS. The Town of Norwich applied for a grant to install a backup generator for its municipal building. However, a bulk of its matching contribution included the appraised value of a generator that was acquired several years prior. RCCC applied for a grant to hire a consultant to conduct risk assessments for its 14 member towns. To meet the local match requirement a DPS employee improperly encouraged the RCCC to submit the value of donated time by a paid contractor and false documentation of a cash vendor payment.In each of these cases, federal grant requirements or DPS accounting policies were violated. Brock’s report was a recommendation that DPS set up a process for tracking audit findings to resolution to be sure that all identified improper repayments are fully reimbursed.
CCPA-defined consumers have the right to:Know what personal information is being collected on themKnow if that information is being sold and to whomOpt out of that information being soldObtain a copy of their personal information Receive equal service and price regardless of whether they exert the above rightsSue for damages if their personal information is breachedThe CCPA’s very broad view of personal information includes the following:Demographic information (i.e., name, address, email)A unique identifier, such as an IP addressAccount or Social Security numberDriver’s license or passportPersonal property recordsOnline activityBiometric, geolocation, employment and education dataAny inferences that an entity draws from the above informationIn addition, Privacy Law Blog points out that the CCPA’s definition of personal information “includes information that is identifiable to a household, not necessarily a consumer.” The CCPA does grant an exemption for GLBA-regulated firms, but financial institutions need to understand the exact nature of that exemption. It only extends to data that is covered under GLBA. Other CCPA-defined personal information that an entity collects is covered under this law. For example, information collected through webpage tracking—something not covered under GLBA— would be subject to the CCPA.Importantly, the right to sue for damages in the event of a data breach is not part of the exemption and applies to GLBA-regulated firms and their GLBA-covered data. Map Consumer Data If you are covered under CCPA, start by mapping all of the personal information under your control. Chronicle of Data Protection recommends asking the following questions in order to do this:What personal information do you collect or possess?How do you collect it?Where and how do you store it?Do you share it with other entities?Is such shared data part of a sale, a provision of service, or used for some other purpose?As of Jan. 1, 2020, CCPA-defined consumers will have the right to request their information. Even though enforcement of the law will not begin until at least July 1, 2020, covered entities will still need to comply with such consumer requests at the start of next year. Personal information that is held by a third party on your behalf will likely pose the biggest risk. So, in addition to conducting your own data-mapping exercise, make sure all of your third-party vendors do the same and share the results with you. Update Privacy DisclosuresThe CCPA gives consumers the right to know exactly what personal information is being collected about them. In order to comply with that, businesses must provide a disclosure “at or before the point of collection.” It must “inform consumers as to the categories of personal information to be collected and the purposes for which the categories of personal information shall be used.” Covered entities must also disclose where that personal information is gathered from, the categories of third parties with whom it is shared and any specific pieces of personal information collected.These disclosures will need to be ready by Jan. 1, 2020, and New Jersey Law Journal warns that they “will be a large part of compliance.” They should be available “through a publicly posted privacy notice, and specifically upon request by a consumer.” They must also be updated annually. Create a Homepage Privacy Link The law also calls for a privacy link on the homepage of any covered entity’s business website. It must be “clear and conspicuous,” titled “Do Not Sell My Information,” and linked to a page that allows consumers to opt out of having their personal information sold. As soon as possible, covered entities should begin the IT change management process for adding this link to their homepage because it must be visible as of Jan. 1, 2020. Develop a Process for Handling Consumer RequestsStarting on Jan. 1, 2020, covered entities must be ready to respond to consumer requests about their personal information that are allowed under the CCPA. These requests must be processed free of charge and within 45 days. Therefore, covered entities need to develop appropriate procedures for processing the following types of consumer inquiries:Request a copy of their personal informationRequest that their personal information be deletedFind out what categories of their personal information are being soldRequest to opt out of the sale of personal information for those over 16 years oldRequest to opt in for the sale of personal information for those between the age of 13 and 16Obtain consent from a guardian to sell personal information from a consumer under 13 years oldIt is important that covered entities pay attention to the above age requirements, as the law indicates that, “a business that willfully disregards the consumer’s age shall be deemed to have had actual knowledge of the consumer’s age.” This could prove to be a risk area in complying with the CCPA. Identify and Implement System ChangesIn order to implement the above procedures, corresponding systems will need to be updated. Go ahead and make your IT team aware that changes are coming, so they can prioritize them within their change management process. Likewise, get started on writing the new procedures in order to give your IT team as much time as possible to incorporate them into your systems by Jan. 1, 2020. Train EmployeesOnce systems are updated, begin training employees on the key aspects of the CCPA, your corresponding procedures and system updates. This education should take place prior to Jan. 1, 2020, and the result should be that employees, especially those in customer-facing roles, understand the following:Their physical location or that of company headquarters does not determine CCPA coverageFor this law’s purposes, a consumer is a resident of CaliforniaWhere to direct or how to process consumer requests regarding their personal informationWhether your organization has decided to apply this law across its entire footprint for consistency sake or only to California consumers California is the first state to pass a comprehensive consumer privacy law with far-reaching implications. First, the California Consumer Privacy Act (CCPA) can affect organizations without a physical location in California. Second, it may push other states to accelerate passage of similar laws, as well as cause Congress to pass a national privacy law.Your organization needs to know if it is covered under the CCPA in order to begin preparing for its technical effective date of Jan. 1, 2020. Here is your eight-step process for doing that. Know Your Obligation to the CCPADorsey & Whitney explains that the CCPA “goes far beyond current U.S. privacy protections, and in many respects emulates elements contained in the European Union’s General Data Protection Regulation (GDPR).” And similar to GDPR, many U.S. firms are wondering if they are subject to the CCPA. Coverage starts with the consumer, which the CCPA defines as “a natural person who is a California resident.” Next, the CCPA applies to any for-profit legal entity that meets the following general criteria:Collects consumers’ personal informationDetermines how and why that information is processedConducts business in California, even if only onlineMeets one of the following annual criteria:Gross revenue of at least $25 millionCollects personal information for at least 50,000 consumers, households or devicesDerives half of its annual revenue from the sale of personal information 3SHARESShareShareSharePrintMailGooglePinterestDiggRedditStumbleuponDeliciousBufferTumblr,Amber Goodrich Amber Goodrich, compliance strategist for CSI Regulatory Compliance, has more than 15 years of financial industry experience. She is a Certified Anti-Money Laundering Specialist (CAMS) and a Certified Regulatory Compliance … Web: https://www.csiweb.com Details Strengthen Data SecurityThe CCPA allows consumers to seek damages for breached personal information if it is the “result of the business’ violation of the duty to implement and maintain reasonable security procedures and practices.” This has the potential to significantly up the financial and reputational ante of a data breach. Therefore, covered entities should review and update their information security and privacy policies and actively monitor their data security defenses to ensure this risk is mitigated to the greatest extent possible.A Lot Might Happen in the Coming YearDebate in California about the CCPA has not stopped. Both its opponents and supporters are still advocating for additional changes, which could mean that the law will be amended again before 2020. In addition, the California Attorney General has until July 2, 2020, to publish the law’s corresponding regulations, which will provide further clarification about complying with it. Beyond California, other states may begin passing their own laws, although how similar is uncertain. If they do, Congress may step in with a national privacy law in order to provide some consistency for companies operating in multiple states. As of now, those are the unknowns. The current state of the CCPA is the only known, and that is what covered entities must start preparing for as soon as possible. The upside is such preparation, in particular the data mapping, will put you in a better position to comply with any subsequent privacy laws that are enacted.
The new president, vice president and Senate of the Undergraduate Student Government for the 2013-14 academic year were inaugurated Tuesday night after the final Senate meeting of the school year.Inauguration · Chief Justice Jimmy Castrellon swears Christian Kurth in as Undergraduate Student Government President Tuesday. — Ralf Cheung | Daily TrojanAfter voting on the last items of unfinished business, the Senate meeting transitioned into the formal inauguration. Attendees dressed in formal attire for the occasion.President-elect Christian Kurth, who previously served as the USG director of university affairs, and Vice President-elect Ryan Park, previously a Greek senator, were sworn into office by the Chief Justice Jimmy Castrellon after the new senators took their oaths. After being introduced by former USG President Mikey Geragos, Kurth delivered a speech outlining his goals for the upcoming term.“We have been entrusted with the responsibility to help students feel at home on campus, to plan the greatest concert of their lives that they can enjoy with friends, to help them experience the culture of Los Angeles and to make sure their voices are heard by the administrations,” Kurth said in his inaugural speech.During their campaign, Kurth and Park promised to create an ultimate myUSC smartphone app, increase library hours, repair sidewalks on The Row and encourage the participation of the entire student body in USG’s decisions.“We want to help students understand what we do and why we do it, which is working to improve the USC undergraduate experience,” Park said. “We want students to rally around USG and use it as a voice to communicate [with] the administration.”Park said his experiences as Greek Senator have prepared him for the vice presidency.“Vice president is definitely going to be much more dynamic of a position, but I’ve learned a lot about the vice president’s responsibilities through osmosis by being on the Senate and learning from Vinnie [Prasad],” Park said.In addition to the inauguration of the president and vice president, 12 senators were sworn into office.Sophomores Nicole Schrad and freshman Logan Heley and junior Jamie Dick were inaugurated as Greek senators, while juniors Brett Ressler, Matthew Leiv and Lorin Winata were sworn into the positions of commuter senators.Freshmen David Choi, Michael Nguyen and Samantha Cheng and sophomores Matthew Prusak, Brandon Chang and Brianna McRee were inaugurated to serve next year’s residential constituency in the Senate.Park said that though the inauguration is an important event for transitioning the new officers, the process would be better carried out sooner.“It’s essentially the passing of the torch between the old Senate and the incoming Senate, as well as the old president and vice president and the new ones,” Park said. “It’s more of a formality and should be done directly after we’re elected, in my opinion.”Geragos and Prasad said they have mixed feelings about the conclusion of their administration, but are optimistic about the future of USG.“It’s definitely bittersweet to pass the torch,” Geragos said. “I’ve had such an amazing time leading this organization and I will miss the work, but it has been a tiring process. It makes it a lot easier for me to pass it over knowing that I’m giving the presidency to one of my closest friends.”Prasad said he will always cherish the relationships he built and the things he was able to accomplish during his term, but that he is ready to move on from USG and looks forward to watching Kurth and Park head the organization.Prasad also offered words of advice for the newly inaugurated administration, encouraging them to forge connections with others as soon as possible.“I’d advise them to take the time to build relationships early, both inside of the organization and outside,” Prasad said. “Those relationships are key to tackling the challenges that come up throughout the year and creating the best possible experience for the undergraduates.”In his speech, Kurth said he would continue to follow in Geragos’ footsteps in striving to build lasting relationships. He concluded by expressing his eagerness to begin his term.“I truly believe that this year will be the greatest year USG has ever seen,” Kurth said, “and I can’t wait to get to work.”