How is CCPA like an 800-pound gorilla? The old joke asks, “Where does an 800-pound gorilla sit?” The answer is “Anywhere it wants to.” While CCPA was legislated to protect the data of California residents, data has no boundaries; CCPA therefore sits where it wants, affecting businesses in other states. Just as an 800-pound gorilla has no natural enemies or predators, the CCPA is currently the dominant force setting a new national data security and privacy policy in the United States.
As many have pointed out, CCPA shares much of the DNA of the European Union’s (EU) General Data Protection Regulation (GDPR), which went into effect on May 25, 2018. Both include the right to be forgotten, the right of portability and the right of access to data. These new laws and regulations show their teeth by affecting businesses whether or not they reside in California (or the EU, in the case of the GDPR). According to a PricewaterhouseCoopers (PwC) survey, this regulatory beast will catch half of U.S. businesses off-guard because they will not be compliant by the deadline.
The law affects any business with at least $25 million in annual revenue that buys, sells or trades personal information of California residents. In addition, any business that gathers the data of at least 50,000 consumers, or earns more than half of its revenue from the sale of personal data, is included in this regulation.
The first task for companies seeking CCPA compliance is to map the consumer data they have been capturing across Customer Relationship Management (CRM) systems throughout the years. Some companies might have to map 50 or more locations of Personally Identifiable Information (PII) scattered across their systems. Mapping requires identifying what type of data they hold, where it is stored and transmitted, and how it is used, including by third-party vendors. Many organizations will need to implement new data integration technologies such as Tableau or Microsoft Power BI to connect disparate and siloed data.
Once that large task is completed, the next step is to develop a plan and a process for handling CCPA consumer requests. To comply with CCPA, businesses must be able to document and demonstrate the plan, and prove that it works.
CCPA requires that businesses respond to consumer rights requests within 45 days. Businesses are obligated to disclose what data they have been collecting, for what purpose, and which third parties the data is shared with. They must provide consumers with access to their data in a portable, transmittable format. Consumers also have the right to opt out of data collection and to request deletion of any PII.
To accommodate the enormity of the CCPA 800-pound gorilla, businesses may require new technologies such as data mapping and integration tools, as well as continuous backup and security solutions. Some companies might already have policies and procedures in place that will help with a readiness assessment. They should follow the readiness assessment with new business processes, including documenting and mapping the use of consumer data and keeping that documentation up to date. If businesses are not already following a cybersecurity framework such as ISO 27001 or NIST, then they need to ensure data at rest is encrypted to reduce the risk of data breaches. Finally, employees must be trained on how to handle customer PII.
While the cost of compliance can be daunting, with many estimates in the six-figure range, the cost of non-compliance can be overwhelming. Non-compliant companies face fines and penalties of up to $7,500 per violation in civil suits. Possible class action suits can cost a company up to $750 per consumer per incident or actual damages (whichever is greater), whether the violation is intentional or unintentional. In either scenario, since cases routinely cover multiple records and incidents, penalties add up fast.
Many businesses are employing managed security services providers to sort out the details, using specialized tools to identify and organize collected data while providing consumers with easy access to delete or modify it.
If companies can document, demonstrate and prove their CCPA compliance plan, then they shouldn’t have to worry about the CCPA going ape.
As published in Dataversity.