Securiti launches Gencore AI, a holistic solution to build Safe Enterprise AI with proprietary data - easily
ViewLearn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.
See a demo
 Iowa became the sixth state in the U.S. to enact a comprehensive data privacy law with the passage of Senate File 262—Consumer Data Protection Act (ICDPA), which Governor Reynolds signed into law on March 28, 2023. The law will take effect on January 1, 2025.
Under ICDPA, an entity conducting business in the state or targeting products or services to Iowa residents is subject to the law if, during a calendar year, it meets either of two criteria: it controls or processes the personal data of over 100,000 Iowa residents, or it controls or processes the personal data of more than 25,000 Iowa residents and drives more than 50% of its gross revenue from the sale of personal data.
The ICDPA aligns closely with California, Colorado, Connecticut, Utah, and Virginia data privacy laws. As a result, businesses already complying with those states' regulations are not expected to face significant additional compliance burdens under Iowa's new law.
Securiti enables organizations to comply with Senate File 262 – Consumer Data Protection Act (ICDPA) through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.
Securiti supports enterprises' journey toward compliance with Senate File 262 – Consumer Data Protection Act (ICDPA) through automation, enhanced data visibility, and identity linking.
ICDPA Provisions
Use our collaborative, multi-regulation, readiness assessment system to measure your organization's posture against ICDPA requirements, identify gaps, and address compliance risks.
ICDPA Provisions
Automate compliance with ICDPA using Securiti common controls and tests.
Section(s): 4(5)
Automatically update and refresh your privacy policies and notices. Build and publish a privacy notice with pre-built templates in compliance with the ICDPA.
Section(s): 1(6), 4(2)
Monitor consent for various data processing activities via the central dashboard. Track consent revocation to prevent the processing or transfer of data without consent.
Section(s): 1(6), 4(2), 4(6)
Scan websites to classify cookies, deploy customized consent collection points, and link consent to user identities and personal data categories collected from endpoints.
Section(s): 1(4), 1(19), 1(26)
Discover personal data and sensitive data stored across all systems within the organization and link it to unique data subjects. Visualize personal data sprawl and identify compliance risks.
Section(s): 4(5)(a), 4(5)(b), 4(5)(d)
Trace data flow across your systems, catalog data collection and transfer, and document business process flows internally and to the processors.
Section(s):Â 3
Create customized web forms and accept verified DSR requests. Automate the initiation of the access, correction, deletion, portability and opt-out request fulfillment workflows in compliance with the ICDPA.
Section(s): 5(1)(b), Iowa Code § 715C.2
Track and manage potential incidents and data breaches with automated notification guidance based on global regulatory requirements.
Section: 5(2)
You can track privacy and security readiness from a single interface for all your service providers. You can also collaborate instantly with processors and manage all processor agreements and compliance documents.
Section: 4(1)
Discover and auto-remediate security misconfigurations in SaaS and IaaS data systems using a library of rules based on vendor recommendations, industry standards, and best practices.
Signed into law by Governor Kim Reynolds on March 28, 2023, and goes into effect on January 1, 2025.
ICDPA defines personal data as any information linked or reasonably linkable to an identified or identifiable natural person.
Controllers must adopt and implement reasonable administrative, technical, and physical data security practices to protect the confidentiality, integrity, and accessibility of personal data.
Controllers are barred from discriminating against consumers who exercise their rights under the law or process their personal data in violation of state and federal laws prohibiting unlawful discrimination.
Applicable organizations must provide a clear privacy policy notice, limit data collection to necessary purposes, and offer an opt-out of data sales.
ICDPA grants Iowa residents rights such as access, deletion, opt-out and portability of their personal data.
Enforced by the Iowa Attorney General, who can issue civil investigative demands to the controllers and processors and initiate a civil action for non-cured violations.
Continuous violations or breaches of an express written statement regarding the cure of the violation may result in civil penalties of up to $7,500 for each violation.
ICDPA is similar to privacy laws in California, Colorado, Connecticut, Utah, and Virginia, minimizing additional compliance burdens for businesses already ensuring compliance with those regulations.
At Securiti, our mission is to enable organizations to safely harness the incredible power of Data & AI.
Copyright © 2024 Securiti · Sitemap · XML Sitemap
info@securiti.ai
Securiti, Inc.
300 Santana Row
Suite 450
San Jose, CA 95128
