Avoiding Danger with
Secure Data Storage
California’s Consumer Privacy Act is changing how businesses approach data security
BPy Richard Kanadjian
rivacy laws are expanding in the United States and abroad. With the enactment of HIPAA, CCPA and GDPR, data breaches have serious liabilities for any company that holds sensitive consumer information,
including Personally Identifiable Information (PII) of consumers and or any other confidential information. California’s Consumer Privacy Act (CCPA) came into effect on Jan. 1, 2020, and affects not only companies in California, but also companies nationwide doing business in California.
The European Union’s GDPR regulation, which has been in effect since 2018, allows non-complying organizations to be fined up to 4 percent of annual global turnover, or about $20 million. Additionally, under GDPR, companies can be fined 2 percent for not having their records in order, not conducting an impact assessment or not notifying the supervising authority and the people affected by a breach.
CCPA (officially called AB-375) incorporates some of the ele-
8
0420 | SECURITY TODAY
ments of GDPR and takes a broader view of private data and protecting PII. The storage, transportation and management of sensitive consumer and company information have become criti- cal issues for companies of all sizes to lock down and secure.
How Does the California Consumer Privacy Act (CCPA) Affect Businesses? Put simply, AB-375 levies specific penalties when there is “unau- thorized access and exfiltration, theft, or disclosure as a result of the business’ violation of the duty to implement and maintain reasonable security procedures and practices.”
While CCPA is meant to enhance privacy rights and consumer protection for the residents of California, as with many laws en- acted in the state, it will impact most businesses across the coun- try and the rest of the world. Any company that has customers who are based in California could be affected by this new law. CCPA can apply to businesses even if they do not have offices
CYBERSECURITY
Vector Plus Image/Shutterstock.com