Data Privacy Laws Affecting Businesses in California
San Diego, CA, February 6, 2019. Athena San Diego hosted a panel of data privacy experts to discuss how changes in privacy, the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) affect businesses in the US.
The data privacy experts who shared their knowledge and experience with the audience were:
- Reem Allos, Senior Associate, KPMG
- Robert Meyers, Director of Systems Architecture, Managed Solution
- Marines Mercado, Sr Privacy Analyst, ResMed
- Chris Vera, Manager, Office of Customer Privacy, SDGE
The field of privacy is changing. Consumers are now demanding privacy and noticing how their data is being used, and as a result they are taking back the control over their own data. In addition, the laws are holding companies more accountable to respect the privacy of their consumers.
The reality is, data privacy laws are going to apply to your business sooner or later, no matter where you are in the world. Therefore, being informed and ready to comply with the laws is crucial for your business to thrive in the future and establish trust with your consumers.
Robert Meyers, Director of Systems Architecture at Managed Solution explained that the number one challenge that companies face is knowing what data they are collecting in the first place: “The challenges arise when you are keeping data that you do not need anymore. Do not be a data pack rat, know what you have and delete what you do not need.”
The debate was very lively as the audience had a lot of questions and examples for the panel, demonstrating that new data privacy laws bring uncertainty. Therefore, every business should make sure they know in what way the privacy laws affect them and the data they collect and store.
To help you make first steps towards the CCPA, we offer a free 30 min consultation with our data privacy guru Robert Meyers, CISM, CIPP/E.
Being Compliant with Data Privacy Laws
Despite their importance, not everyone knows what data privacy laws are. In short, data privacy laws are all about prohibiting the disclosure or misuse of information of private individuals, and being compliant with data privacy laws is extremely important.
To date, there are over 80 countries that have varying degrees of data security laws in place. Most noteworthy is the European Union's recent enactment of the General Data Protection Regulation (GDPR). The United States, on the other hand, is somewhat notorious for not having a similar, comprehensive set of data privacy laws, but instead, some limited sectoral laws in some areas, based on the Fair Information Practice.
Basic Principles of Data Privacy
Despite the differences that may occur, some basic principles apply everywhere in the US.
- There needs to be a stated purpose for all data collected.
- The data collected cannot be disclosed to other individuals or organizations unless authorized by law or by consent.
- Record keeping should be accurate and up-to-date.
- There need to be specific mechanisms that will allow private individuals to review their data to ensure its accuracy.
- When the stated purpose is no longer relevant or needed, delete all the collected data.
- It is prohibited to send data where the same data privacy laws do not apply.
- Except for some extreme circumstances, data such as religion or sexual orientation cannot be collected.
Special Conditions for SMEs
SMEs are concerned whether they are, in fact, protecting their clients' data and whether they are in compliance with data privacy laws. Here are several other conditions/reasons why SMEs are concerned.
- Their IT budgets may not be big enough, or they may lack the specialized workforce to implement sophisticated security solutions correctly.
- SMEs may be using cloud-based services.
- Even if the cloud provider may handle the data, the responsibility to provide security still falls on the SME.
What's more, many of these businesses may not even be aware that they use cloud-based services, in which case they need to comply with these regulations. If you are using Gmail or Outlook.com, you are using the cloud.
All of the requirements presented above will only become more binding and rigorous with time, right alongside the seriousness of the data breaches themselves.
It is also important to remember that a data breach can cause more damage to a business than the direct value of the loss. First, there are the personnel costs related to the recovery. Then, we have others such as post-incident costs used for improving customer relations, the brand image, the investigation, plus the many years needed to protect your customers' credit.
The legal costs involved, such as fines, fees, and civil suits should also be mentioned here. Also, let's not forget about the value of lost customers which can quickly send an SME out of business.
Going forward, SMEs need to remember that there are many clearly defined requirements, both legal and financial, for providing adequate protection for their clients' data. As time goes on and digital threats become more and more prevalent, security measures will become more stringent, while providing data security will become another cost of doing business.
If you want to keep yourself up-to-date, please feel free to check out our website. Our IT professionals and engineers have 23 years of combined experience and are more than qualified to find solutions to all of your security concerns. Contact us today to schedule an assessment.
Data Loss and Privacy Laws
In today’s modern interconnected world, it’s almost impossible to work with computers and have an IT department without having to think about data loss and privacy laws. This is due to the large and continually increasing number of cyber-attacks which breach hundreds and thousands of businesses each year.
Any business or company operating today has some form of online presence, be it more visible, more global, or more discreet and local. However, no matter the online notoriety your business possesses, online threats and cyber-attacks are always around the corner.
So what exactly are Data Loss and Privacy Laws?
Data loss is something that can happen for both internal and external reasons. Employees can cause internal data loss due to a variety of factors. They may not have saved some files or might have accessed an e-mail and accidentally installed a virus on the company’s IT network.
This can lead to severe data loss. If your company doesn’t have specialized people in charge of managing the backup of files, your entire business can be in jeopardy. Imagine losing the financial data belonging to some significant clients, and not being able to retrieve the data (due to lack of a backup). Also, you may not be able to tell your customers where their private data even is.
Worst case scenario
Based on today’s online privacy laws, your company can easily be sued. Depending on the importance of the lost data, it could turn into a pretty expensive lawsuit, leaving your company and your company’s reputation tarnished.
How can I prevent Data Loss and be sure to respect Privacy Laws?
Data loss can easily be prevented by having specialized IT security people handling your entire network. This can be done by creating an entirely new department as part of your IT team. Better yet, you can hire a specialized company which will take care of, and be held responsible for, the entire safe storage, protection and data backup.
This would help you focus on running your business while being sure that all the sensitive and private data is being taken care of by specialized professionals in the field of IT security, all while following the latest privacy laws.
Another way you can safely back up your company’s data and be sure that everything is safe and secured is by creating a Disaster Recovery Plan. Of course, it is not something any IT specialist can build.
Qualified personnel are needed in case of any cyber-attack that leads to the loss of essential data belonging to your company or private data of your clients. In these situations, contracting an outside company is recommended due to their experience obtained by creating several disaster recovery plans for many other companies.
Most affected industries
Industries such as healthcare, biotech, and finance are most likely to be targeted by a cyber-threat, which also makes them the sectors that most need a Disaster Recovery Plan. Nobody would like to have their financial or medical data leaked online, or have their biotech blueprints stolen. It is the worst thing that can happen to a company that handles clients’ data, and it could even lead to losing clients and eventually, the entire business.
If you’re interested in more information about Data Loss and Privacy Laws, be sure to contact our specialized consultants. Here at Managed Solution, we are ready to answer your questions and offer you any additional information you require.