Hello all. Sorry to have missed this last meeting. I did have something I wanted to mention, since this is the kind of subject that probably gets brought up more in consortiums than individual organizations...
Georgia (the state) is on the cusp of passing something called the "Consumer Privacy Protection Act". This is supposed to be modeled on a law already passed in Tennessee. Other versions of this law exist in several states, although in some states non-profits are exempt. Not the case here. Some of it seems to fall under GDPR, but not all of it.
I'm wondering if anyone here has had to make updates to their policies and/or procedures based on these laws. What we're finding is that to be in compliance we should conduct a "Privacy Risk Assessment". We're just trying to get some idea of what that might mean and the level of effort involved. It's hard to find any concrete examples of how to do this, or how it applies to organizations such as ours.
Anybody out there had to deal with these laws? What actions did you take to be in compliance?
Sorry for the cross-posting if you all already read this in the Marketing forum. I just had a hard time finding a place where this question fit.
Thanks,
Henry