Data privacy is one of the hottest conversation topics spanning all industries and regions – for good reason. With exponential amounts of enterprise data only increasing, ensuring data privacy involves layered, complex challenges for any business. Meeting evolving compliance and privacy regulations especially in the age of COVID-19, such as the CCPA law which is just beginning to be enforced, is one of those layers.
Below are some tips from myself and other technology industry experts for the best ways to seamlessly enforce CCPA compliance even in the age of COVID-19.
Consult the Experts
One of the most important steps organizations can take to guarantee they are on the right path towards compliance is to rely on hosting providers that have teams experienced with privacy law regulations. These providers can guide the process needed to guarantee data is managed within current and upcoming privacy regulations, allowing organizations to focus on maximizing data usage and the experience for their customers
Take Action to Prevent Data Breaches
“Nobody is safe from an attack leaking personal information, and it’s absolutely essential that correct cyber measures are in place to secure privileged accounts, in particular, as thoroughly as possible. With more information online and spread out than ever before, hackers not only have the ability to scam people, but also undoubtedly have access to private messages, security information, and other personal information.
To protect organizations during this transitional remote working phase and the implementation of CCPA, it’s imperative to provide your IT administration teams, outsourced IT, and third-party vendors with secure, granular access to critical infrastructure resources regardless of location and without the hassles of a virtual private network (VPN). Privileged access management solutions can both maintain compliance and enable secure remote access to on-premises and cloud-based infrastructures, securing all administrative access with risk-aware, multi-factor authentication (MFA), and maintaining the level of compliance CCPA requires,” said Torsten George, cybersecurity evangelist, Centrify.
Be Transparent about the Data Being Used
“Even in the remote work environment, relevant companies must ensure they’re offering customers and staff information on what data is being collected, options around which personal details are being gathered, the right to say no and opt out of data collection, the right to request deletion of their information and equal pricing despite their privacy selections. It is a good time to update privacy policies and notices, check on the company’s consumer rights protocols and data gathering processes/inventories, as well as ensure the right cybersecurity measures are in place. Compliance officers will also need to be more assertive and proactive about their check ins to ensure all areas of the organization are following the CCPA’s requirements, since they can’t just ‘drop in,’” said Sam Humphries, security strategist, Exabeam.
“The passing of a cohesive U.S. federal privacy law, one that will preempt state laws, is gaining momentum. It has strong bipartisan congressional support, and several large companies from a variety of industry sectors have come out in favor of it, some even releasing their own proposals. There are draft bills in circulation. With a new class of representatives sworn into Congress in 2019 and the CCPA effectively putting a deadline on the debate and officially being enforced in July, there may finally be a national resolution to the U.S. consumer data privacy problem. However, the likelihood of it passing in the very near future is slim.
A single privacy framework must include flexibility and scalability to accommodate differences in size, complexity, and data needs of companies that will be subject to the law. It will take several months of negotiation among lawmakers to agree upon how the federal law would be implemented. While companies wait for the passage of a national privacy law and then for it to actually take effect, they must continue to monitor developments in both state and federal privacy law and adapt as necessary,” said Wendy Foote, contracts manager, WhiteHat Security.