Staying CCPA Compliant
The California Consumer Privacy Act (CCPA) took effect on January 1, 2020 - have you taken the appropriate steps to keep your clients’ data secure and stay compliant? This privacy act dictates consumer rights and company responsibilities in relation to collected consumer data.
The law, AB 375, allows any California consumer to demand to see the personal information a business has collected about them and the categories of third parties with whom that information has been shared or sold, and to have it deleted. Its private right of action is narrower than is often assumed: consumers can sue over a data breach that exposes unencrypted, unredacted personal information because the business failed to maintain reasonable security, with statutory damages of $100 to $750 per consumer per incident, while other violations are enforced by the California Attorney General. No breach is needed for regulatory enforcement, but a breach of poorly protected data is what exposes you to consumer lawsuits.
If you are a for-profit organization that operates in California and collects consumer data, then you may have to comply with CCPA. If you answer yes to any of the following questions, then you must comply with the CCPA:
- Do you have annual gross revenue in excess of $25 million?
- Do you annually buy, receive for the business’ commercial purposes, sell or share for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices?
- Do you derive 50% or more of your annual revenues from selling consumers’ personal information?
CCPA Compliance Is All About Cybersecurity
The CCPA counts device and household identifiers as personal information, so tracking them brings you into scope, and it requires you to honor consumers' requests to opt out of the sale of their personal information. To comply, you need to address five core requirements, which between them dictate how you collect, store and access consumer data and what rights consumers have over it:
- Data inventory and mapping of in-scope personal data and instances of “selling” data
- New individual rights to data access and erasure
- New individual right to opt-out of data selling
- Updating service-level agreements with third-party data processors
- Remediation of information security gaps and system vulnerabilities
10 Tips For Cybersecurity & CCPA Compliance
1. Use A VPN
When you use a Virtual Private Network (VPN), your traffic is encrypted between your device and the VPN server, from which it continues onto the Internet through what's called an exit node.
That protects the traffic from anyone on the local network, whether you're on your mobile device's data connection or using an unsecured retail Wi-Fi network while you're in line for coffee, and makes it harder for an observer there to identify you as the source. It does not protect traffic beyond the exit node, so applications still need their own encryption (TLS), and a VPN used for staff access to internal systems should require the same second login factor as everything else.
2. Use A Firewall
Your firewall is your first line of defense for keeping your information safe.
A firewall enforces a policy on the traffic entering and leaving your network and blocks connections that the policy does not explicitly allow, which keeps unauthorized users from reaching your systems and data. Firewalls are deployed as hardware appliances, as software on individual hosts, or a combination of the two; the useful default is to deny all inbound connections and open only the ports a service actually needs.
3. Stay Up To Date
Did you know that one of the most common ways that cybercriminals get into a network is through vulnerabilities in popular software? Much of the software you rely on to get work done every day has flaws, and attackers write exploits for those flaws that leave you open to a security breach.
To address this, developers regularly release software patches and updates to fix those flaws and protect users. This is why it's imperative that you keep your applications and systems up to date. Prioritise internet-facing systems and vulnerabilities that are known to be actively exploited, and confirm that updates have actually been applied rather than merely downloaded.
4. Two-Factor Authentication
Two-Factor Authentication adds a second check to existing system and account logins. By requiring something beyond the password, such as a six-digit code from an authenticator app, a hardware security key, or a biometric like a fingerprint, voice or iris scan, you make stolen or reused employee credentials much less useful on their own. Codes sent by text message are better than nothing but are the weakest option, since they can be intercepted or redirected by SIM swapping; prefer an authenticator app or a hardware key, and make the second factor mandatory for remote access, email and administrative accounts.
5. Encryption
In layman's terms, encrypted data is transformed into ciphertext that is meaningless to anyone who intercepts it without the key. It is one of the most effective ways to secure a database, because decryption requires the key, which is essentially a "secret password". In practice that means encrypting personal information both at rest and in transit (TLS), using current, well-reviewed algorithms, and keeping the keys separate from the data they protect, in a key management service or hardware security module rather than a configuration file next to the database. Under the CCPA this matters twice over: the private right of action for breaches applies to personal information that was not encrypted or redacted.
6. Network Monitoring
Your IT provider should be keeping an eye on your systems around the clock, collecting logs from endpoints, servers and network devices, identifying any suspicious activity such as logins from unexpected locations or unusually large data transfers, and addressing it immediately to limit the damage.
7. Have An Incident Response Plan In Place
When you suspect an attack has taken place, you need to act quickly, but not carelessly. Many businesses take weeks or even months to realize they've been penetrated, so by the time you notice, the attacker may already have what they came for. If you suspect something has occurred, do the following:
- Isolate affected devices by disconnecting them from the network, but do not factory reset or wipe them yet: that destroys the evidence you need to work out what was taken.
- Preserve logs and, where possible, disk and memory images before making changes, and record who did what and when.
- Scan the rest of your systems for the same malware or indicators so you understand the full scope of the intrusion.
- Only then eradicate: rebuild affected machines from known-good media, patch the flaw that let the attacker in, reset any exposed credentials, and restore data from backups taken before the compromise.
- File a report with law enforcement so there is a record of the incident, and if personal information was exposed, involve legal counsel promptly: California law requires notifying affected residents of such breaches.
8. Don’t Forget About Mobile Devices
A Mobile Device Management (MDM) policy dictates how your employees may use mobile devices, including their personal devices, for work purposes: which security apps and settings are required (screen lock, device encryption, remote wipe), what best practices need to be followed, and what happens to company data when a device is lost or an employee leaves.
An effective MDM policy should also instill safe and secure habits in employees who use personal devices for business purposes.
9. Test And Assess Your Cybersecurity
Determine how your data is handled and protected, and define who has access to it and under what circumstances. Keep a list of the employees, volunteers, donors or contractors who have access to specific data, under what circumstances, and how those access privileges are granted, reviewed and revoked. You must know precisely what data you have, where it's kept, and who has rights to access it; this is the data inventory that the CCPA's access and deletion requests depend on. Then test the controls: run vulnerability scans and periodic penetration tests so that gaps are found by you rather than by an attacker.
10. Verify And Test Your Backups
Don't assume that your cloud service is backing up your desktop files; it's your responsibility to confirm that backups run automatically and, more importantly, that you can actually restore from them. You must have a usable backup copy of your data in case it is stolen, encrypted by ransomware or accidentally deleted, and at least one copy should be offline or immutable so that an attacker who gets into your network cannot destroy it too.
Develop a Business Continuity & Disaster Recovery policy that specifies…
- What data is backed up
- How often it's backed up
- Where it's stored
- Who has access to the backups
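The "verify" half of tip 10 is the part most often skipped. As an added example that is not part of the original article, the script below records a SHA-256 manifest of every file at backup time and later checks a restored copy against it, reporting files that are missing, silently corrupted or unexpectedly present. The sample files and the deliberately broken "restore" are constructed inline in temporary directories so the example runs offline; real use would store the manifest alongside the backup and run the check after every test restore.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def file_sha256(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256.
    Record this at backup time and keep it with the backup."""
    return {p.relative_to(root).as_posix(): file_sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict, restored: Path) -> dict:
    """Compare a restored tree against the manifest taken at backup time.

    Returns {"missing": [...], "corrupted": [...], "extra": [...]}.
    All three lists empty means the restore reproduced the backup exactly.
    """
    found = build_manifest(restored)
    return {
        "missing": sorted(k for k in manifest if k not in found),
        "corrupted": sorted(k for k in manifest if k in found and found[k] != manifest[k]),
        "extra": sorted(k for k in found if k not in manifest),
    }


def demo(tamper: bool = True) -> dict:
    """Constructed scenario (not real customer data): back up two files, then
    'restore' them. With tamper=True one file is altered and one never comes
    back, which is exactly what a checksum manifest is there to catch."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "source")
        (src / "notes").mkdir(parents=True)
        (src / "customers.csv").write_text("id,email\n1,alice@example.com\n")
        (src / "notes" / "readme.txt").write_text("backup test\n")
        manifest = build_manifest(src)

        restored = Path(tmp, "restored")
        if tamper:
            restored.mkdir()
            # customers.csv comes back with an extra row; notes/readme.txt is lost.
            (restored / "customers.csv").write_text(
                "id,email\n1,alice@example.com\n2,mallory@example.com\n")
        else:
            shutil.copytree(src, restored)
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    print("faithful restore:", demo(tamper=False))
    print("broken restore:  ", demo(tamper=True))
```

A manifest only proves that the restore matches what was backed up; it says nothing about whether what was backed up was already infected or already stale, which is why the policy above has to specify how often backups run and how long old copies are kept.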
With so much to consider, it's vital that you have reliable and knowledgeable IT services to help you effectively maintain your CCPA compliance posture - On Time Tech can help. We have been assisting businesses throughout the region to build reinforced IT strategies that work within their business model to make them more secure and compliant.