The daily news of data breaches, ransomware and malware attacks may no longer surprise anyone, but it reminds individuals and businesses of the importance of data protection. Fortunately for individuals, governments are enacting regulation to protect data privacy and to penalize companies that fail to comply, whether intentionally or not. Most recently, California enacted the California Consumer Privacy Act (CCPA) of 2018, which protects the personal information of California consumers and takes effect Jan. 1, 2020. Many observers note that it grants rights similar to those in the European Union's (EU) General Data Protection Regulation (GDPR), which took effect on May 25, 2018: the right to be forgotten (deletion), the right to data portability and the right of access to one's data.
While each regional government tries to protect the data of its own residents, data has no boundaries in our digital world. These laws therefore affect businesses whether or not they are located in the jurisdiction that passed them. The GDPR regulation website states that GDPR was designed to "protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy," and it puts the onus on businesses to comply or face penalties. The CCPA focuses on the rights of the consumer and broadens the definition of personal information to include data about devices and households, not just individuals. The enforcement model differs from the GDPR's, however: under the CCPA, civil penalties are assessed by the California Attorney General after a business has been notified of a violation and given 30 days to cure it, while consumers themselves may sue directly only over certain data breaches caused by a failure to maintain reasonable security.
Under the CCPA, businesses must know what constitutes personal information, locate and secure that data, and hold their service providers to the same standard through contract terms that restrict how the providers may use the data.
The CCPA applies to for-profit businesses that collect personal information of California consumers and meet any one of three thresholds, regardless of whether the business is based in California, another state or overseas: annual gross revenue above $25 million; buying, receiving, selling or sharing the personal information of 50,000 or more consumers, households or devices per year; or deriving 50 percent or more of annual revenue from selling consumers' personal information. California allows businesses to offer financial incentives to consumers who share their personal information, but consumers must opt in to such programs and may revoke that consent at any time.
The GDPR protects a similar class of personal data. Where the CCPA speaks of "reasonable" security, the GDPR requires controllers and processors to implement "appropriate" technical and organisational measures for the risk involved, naming encryption and pseudonymisation as examples. It also requires businesses to explain to individuals, at the time of collection, how their information will be used, and to have a lawful basis for each processing activity. Consent is one such basis, and when it is relied on it must be freely given, specific, informed and unambiguous; processing may instead rest on another basis, such as performance of a contract, a legal obligation or the business's legitimate interests.
The GDPR applies to any organisation, regardless of size, that is established in the EU or that offers goods or services to, or monitors the behaviour of, individuals in the EU, whenever it collects or processes their personal data, including something as routine as storing their email addresses in collaborative business tools. The 250-employee figure sometimes quoted is not an applicability threshold; it only affects whether smaller organisations must keep formal records of their processing activities.
To protect customers' personal information, a business first needs to know what data it holds, where it resides and how it is processed. Only then can it choose security measures that actually match what the new regulations require.
Businesses should assess their data collection, processing, storage and protection procedures to identify where personal data could be exposed. This typically means every department inventorying the applications that hold personal data and mapping how that data flows through shared or collaborative environments, including transfers to vendors. With that map, a company can build a coherent plan to prevent unauthorized processing or accidental disclosure of personal data, and to answer access, deletion and portability requests within the deadlines the regulations set.
There is a lot of work to do before the CCPA deadline, but streamlining the data a company collects, processes and stores can also create efficiency. A company need only gather the personal data necessary to perform its services, which reduces the time and resources it has historically spent storing everything. Compliance can then become a competitive advantage, offering consumers the assurance that their data is protected and secure.
Check out our CCPA and GDPR Comparison Table for specifics.
If your business needs to know what has to be done for its IT systems solutions to meet the requirements of the CCPA and GDPR, contact Valeo Networks. Valeo Networks can perform a risk assessment and review and assess your current data protection policies and procedures. Valeo Networks can also make recommendations to implement a privacy and security plan. Contact Valeo Networks at 800-584-6844 or via sales@saalexIT.com.