The new year means new laws for your business with the implementation of CCPA just days away.
According to Law.Com. businesses in California or doing business in California need to get ready. “With just days to go before the California Consumer Privacy Act (CCPA) compliance date, some companies may be scrambling to get their data collection and management processes in order.
“Others, however, might be taking a wait-and-see approach before fulling investing into large-scale changes. Whatever an organization’s plan, there are certain things all covered entities should know about the far-reaching privacy law before January 2020.
“Reasonable” Security is Required
“The CCPA isn’t all about privacy. In fact, the regulation also mandates that covered entities maintain reasonable security procedures, something that does not get as much attention as the data handling requirements. “It certainly hasn’t been focused on and it ought it to be,” Mark Schreiber, partner at McDermott Will & Emery said.
“To be sure, exactly what constitutes ‘reasonable’ security isn’t clarified in the CCPA. Still, Schreiber said that there are hints in what the state expects given its past positions. “The California attorney general years ago in other pronouncements identified the 20 CIS [security] controls —which is this fairly intense and robust set of security standards—as being what California would look to. So that’s been out there for some years and those are fairly granular in terms of the different components that need to be in place. Read the full article here.
A Security Awareness and Training Program is Required
Number 17 on the CIS list, in the section Organizational CIS Controls requires your organization to roll out a Security Awareness Training Program. If you get hacked because a user falls for a social engineering attack and your suffer a data breach that has California-related records in there—and who hasn’t— you are in violation and can get fined.
Image Source: https://www.pexels.com/photo/photo-of-people-leaning-on-wooden-table-3183183/