California is the worst state for data breaches, suffering 1,493 data breaches in the last decade that exposed over 5.59 billion records, so it is understandable why the state is implementing one of the strictest privacy acts. The California Consumer Privacy Act is days away from going into effect, putting pressure on companies to ensure they are prepared to handle strict new requirements, such as those regulating how businesses collect, use and disclose data related to an individual.
Currently, only 55% of companies plan to be ready by CCPA’s effective date of January 1, 2020, with another 25% planning to be ready by July 1, 2020, the date California will begin enforcement actions.
- Some organizations assume that if they are compliant with GDPR, they must be compliant with CCPA. CCPA is widely considered to be California’s version of GDPR, but CCPA defines “personal information” much more expansively. For example, CCPA’s compliance requirements cover information linked at the household or device level, not just to individuals.
- Take an accurate inventory of all customer information collected/managed by your company. If you don’t know what data you have, you can’t ensure you’re managing and protecting it according to CCPA. Companies going through M&A deals need to be especially careful to conduct a thorough IT audit. Marriott suffered a massive breach late last year after acquiring Starwood and inheriting its poor cybersecurity practices.
- Carefully map how CCPA-protected information is collected, stored and destroyed, and how it flows through your organization. As companies migrate to the cloud, data can be accessed from countless applications on various devices, including employees’ personal devices, from anywhere in the world. It’s critical to have security solutions in place, such as data loss prevention, that will protect data no matter where it travels. Customers can request that their data be made readily available, and companies need to be able to respond in a timely manner.
- Be ready for change. Since CCPA was passed, numerous amendments have already been approved by the State Assembly and are now with the state Senate for review. As with all regulations, companies must expect CCPA to evolve over time and must be ready to act quickly to ensure continuous compliance. Companies relying on antiquated IT resources may have a particularly difficult time adapting to new requirements. There’s no time like the present to modernize IT infrastructure and adopt flexible tools that can adapt to quickly evolving business and security needs.