Some modern data privacy statutes require organizations to consider and document privacy-related risks regarding certain types of processing activities. These assessments are sometimes referred to as “data protection assessments” or “data protection impact assessments” (generically a DPIA). DPIAs are intended to make an organization identify and weigh the benefits that may flow from processing personal

Some modern data privacy statutes require organizations to consider and document privacy-related risks regarding certain types of processing activities. These assessments are sometimes referred to as “data protection assessments” or “data protection impact assessments” (generically a DPIA). For example, several state data privacy statutes mandate that a DPIA be conducted if an organization intends to

Profiling is defined in several statutes as any form of automated processing of personal data to evaluate, analyze, or predict personal aspects concerning an identified or identifiable individual’s economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.[1] Profiling activities can loosely be grouped into the following three categories or buckets with the

No.

Within the United States organizations will only be required to conduct data protection assessments under the Virginia Consumer Data Protection Act (VCDPA) and the Colorado Privacy Act (CPA) beginning in 2023 if the processing of personal data for purposes of profiling presents a “reasonably foreseeable risk” to individuals. The type of risks contemplated by