California’s CCPA law is officially in effect — and it’s just the beginning: The nationwide movement to regulate data protection is on. To better understand what this means for your business, our experts recommend thinking of data protection as a tripod, with the “three legs” of security, privacy and risk. Here’s what you should know about each…
Security: The Basics
Even if it weren’t required by law, securing yourself against cyberattacks should be a top priority for businesses of all types and sizes. And this isn’t a task to be passed on to your IT department, either: Your entire organization needs to get involved. Here’s what you need to know about cybersecurity, and here’s how to get the job done.
Security: The Latest
As if cybersecurity wasn’t already a big enough concern, recent geopolitical events are only elevating the urgency. Businesses in the United States “should expect serious cyberattacks from Iran in the next few months,” according to an “overwhelming majority of experts.” Read more at the Washington Post.
Privacy: The Basics
In addition to protecting sensitive data, the CCPA also restricts how data can be collected and shared. That means businesses have an obligation to disclose what info they’re gathering — everything from name and SSN to online browsing and search history — and to offer people a penalty-free option for opting out. Get more details in this legal analysis from Lexology.
Privacy: The Latest
If you think you’re exempt from protecting and sharing consumer data because you don’t do business in California, consider this: Other major states are already following the Golden State’s lead by introducing similar laws, including New York, New Hampshire, Virginia, and others. For example: Here’s an overview of Illinois’ new data privacy act, and here’s a rundown of what Florida’s got planned.
Risk: The Basics
In addition to imposing government penalties, the new laws empower consumers to take legal action when their info is compromised, compounding the risk for businesses that fail to comply. The first step in mitigating this risk is creating a trail of proof to satisfy government officials and other third parties in the event of a breach or audit. What’s your risk level? Find out here.
Risk: The Latest
Even outside of California, businesses across the U.S. are at risk for civil suits for failing to protect data – For instance, the Georgia Supreme Court recently ruled to allow a case against a medical clinic “for negligence, breach of implied contract, and unjust enrichment” for failing to protect patient data. Jurist Legal News has more details.
Need help achieving cybersecurity? Call Omnistruct at (916) 484-1111.