Get ready for CPRA: For executives and security leaders that are keeping an eye out for data privacy compliance regulations, note that the proposition to expand CCPA’s regulations passed on November 3, 2020. The date that you want to mark on your calendars is January 2023. The expansion of CCPA is called the California Privacy Rights Act (CPRA). It is meant to provide the consumer their complete data rights.
What you can expect is an increase in fines against companies that break data privacy rules. Also, California is set to create an agency that will work with its own justice department to enforce the data privacy laws. Lastly, consumers will be able to ask where and how their data is being used, request that a company not share their personal data, and require that a company correct any incorrect data of theirs that it is storing and using.
As mentioned in different industry news articles, the fact that companies were already forced to prepare for CCPA should make getting compliant with CPRA not a major problem. However, we also know that many companies outside of California may not have taken the measures to meet CCPA compliance regulations. It is also important to note that CPRA may very well extend beyond California, and there's always the potential for more states, or the entire country, to present a data privacy regulation down the line.
When we asked our very own security expert and CEO of NCX Group, Mike Fitzpatrick, what is important to note about CPRA, this is what he had to say:
“There were several takeaways for me on this ballot measure, as several consumer privacy rights activists came out against this ballot measure as it limited many of the rights for Californians. One of the largest groups against the ballot is the EFF – the Electronic Frontier Foundation, https://www.eff.org. One of their biggest concerns is that Californians' privacy rights stop at the California border now. Before Prop 24, Californians' rights were enforced no matter where in the world they went. Additionally, Prop 24 limits the legislative process as it makes it almost impossible for the legislator to change what many privacy experts have seen as a mess from the beginning, requiring 45 amendments to be introduced. One of the fundamental problems with this ballot measure is it's written by a wealthy real estate developer who knows nothing of the complexity of cybersecurity and data privacy, but has enough money to circumvent the legislative process, without giving his original ballot measure time to go through a legislative process.”
Because data privacy is growing in importance, we know that, with or without the knowledge of cybersecurity, there is a high possibility that more regulations like the CPRA will come, even if modified down the line.
Getting started on compliance now gives companies plenty of time to take the steps necessary to meet the CPRA compliance regulations and avoid hefty fines, while also properly storing and safeguarding the personal and sensitive data of their customers and company employees.
To do this, company executives need a compliance strategy. While some may suggest automated solutions, an effective strategy involves a security and data privacy expert. This type of support lets a company make sure the compliance model fits all of its specific data organization needs, and that the security needs are met for all three states of that data (at-rest, in-transit, in-use). A security and privacy expert will also guide you on the areas of data management. This involves knowing who can access the data, training employees on using that data, and making sure software developers know how to handle data with care and meet compliance.
Another reason why automation is not an advisable strategy for meeting CPRA compliance regulations is the risk of cyber criminals accessing a company's data with ease, seeing as their tactics are much more sophisticated than the defenses of a company that lacks the proper security posture. Compliance alone is not what helps a business succeed when data gets breached.
So, make sure you are meeting your company’s compliance regulation needs, such as the upcoming CPRA, as well as your company’s cybersecurity and risk management needs. Give us a call to talk to one of our security experts and get started on meeting CPRA compliance regulations, as well as getting a cyber risk check.