Virtualization Technology News and Information
Article
RSS
Ringing in the New Year with CCPA

CCPA-Security 

January 1 is a day that signals a new year, a fresh start and new personal goals. However, this year, January 1 also signals the beginning of the California Consumer Privacy Act (CCPA). Passed in June 2018, CCPA aims to protect the privacy of California consumers by allowing them to request all the information a company has saved on them, request a list of all the third parties that data is shared with, and allowing consumers to sue companies if privacy guidelines are violated with or without a breach. 

With Cyber threats like ransomware becoming more frequent every day, consumer privacy has been thrust into the spotlight, but many companies are still unsure of how to meet all of CCPA's guidelines. To help with that, we spoke with several experts on how companies can prepare for CCPA, how the new law will affect other states, and more.

Avi Raichel, CIO, Zerto

"As we approach the deadline for CCPA compliance, we should remember that a big piece to the compliance puzzle is reporting, and with today's advancements in IT resilience solutions, reporting should no longer be the headache it once was. If it is, then you may want to reconsider the tools you're using. Your analytics should be able to provide at least a 90-day history of your protected multi-site, multi-cloud environments' health and compliance. Furthermore, you shouldn't have to perform more than just a couple of clicks to produce a report that proves your infrastructure is resilient and protected. Of all the things you need to think about in your journey to become CCPA-compliant, don't let reporting be the piece that holds you back."

Wendy Foote, Senior contracts manager, WhiteHat Security

"Although the CCPA will be good for consumers, affected companies will have to make a significant effort to implement the requirements. It will add yet another variance in the patchwork of divergent U.S. data protection laws that companies already struggle to reconcile. The CCPA is the first law of its kind in the U.S., and it could set a precedent for other states. And because it applies to most companies who do business with individuals residing in California, the sweeping new law promises to have a major impact on the privacy landscape not only in California, but the entire country.

The passage of a cohesive U.S. federal privacy law, one that will preempt state laws, is gaining momentum. It has strong bipartisan congressional support, and several large companies from a variety of industry sectors have come out in favor of it, some even releasing their own proposals. There are draft bills in circulation. With a new class of representatives sworn into Congress earlier this year and the CCPA effectively putting a deadline on the debate, there may finally be a national resolution to the U.S. consumer data privacy problem. However, the likelihood of it passing in the very near future is slim.

A single privacy framework must include flexibility and scalability to accommodate differences in size, complexity, and data needs of companies that will be subject to the law. It will take several months of negotiation among lawmakers to agree upon how the federal law would be implemented. While companies wait for the passage of a national privacy law and then for it to actually take effect, they must continue to monitor developments in both state and federal privacy law and adapt as necessary."

Lex Boost, CEO, Leaseweb USA

"The California Consumer Privacy Act (CCPA) is set to become the gold standard in privacy, data protection and consumer protection rights in California, and maybe even the United States. It will be the first of its kind in privacy regulation within the US, similar to what the GDPR is to the European Union. The act allows consumers to have greater control over their data, now that data companies must comply with these new regulations. The implementation of the CCPA establishes a trend in governments evaluating and seriously considering better legislation for protecting data. It is important that all companies are committed to ensuring that personal data and privacy remain protected and used in accordance to the CCPA.

From a cloud hosting perspective, striving to meet new compliance and privacy regulations is challenging when managing cloud infrastructures. In order to ensure you are in compliance with increasingly stringent data protection legislation, it is important that you utilize a team of professionals who can provide guidance on managing data to stay within the law. Hosting providers that have experience with GDPR and have done their due diligence around CCPA will be essential as organizations seek out the in-depth knowledge that will allow them to maximize their data usage while taking the important steps to remaining compliant."

Sam Humphries, Senior product marketing manager, Exabeam

"As we approach 2020 and the California Consumer Privacy Act (CCPA) law comes into effect, it's a good time to recall the lessons that earlier privacy regulations, like the EU's GDPR, previously imparted. In all of its good intentions, it is still early days for the GDPR. Therefore, it has not yet been a silver bullet in safeguarding consumer privacy. Possibly the most salient point is that as a security issue, consumer privacy will continue to evolve. Because of this, newer laws and regulations, like CCPA, must be flexible and evolve over time, too. We already see this happening in the UK, with the ePrivacy Regulation, which aims to put specific responsibilities around provisions that the GDPR treated more generally. Regardless of how much CCPA is intended to protect consumers, it remains to be seen how tolerant they will be at dealing once again with the extra ‘clicks' and notifications that come with consent-based security measures."

Alex Feilding, CEO and founder, Ripcord

"January 2020 is fast approaching and California is set to enact one of the country's most progressive consumer data protection laws - the California Consumer Privacy Act (CCPA). 

The CCPA will require any organization conducting business in or with a California-based organization to comply with stricter data and privacy regulations. 

As more paper records become digitized into easily accessible data, complying with this new regulation will be challenging for organizations that aren't prepared. The CCPA allows any California resident the right to access the last 12 months of data collected by an organization - and they must comply with the consumers' request. This will prove difficult for organizations that have outsized amounts of data on paper and in physical form. To streamline the process, organizations will need to be efficient to become 100 percent digital with all their current and past records and offer flexibility to consumers by allowing them to view, modify or delete their data as they please. 

Organizations that have a team of digitization experts on their side who understand the technical nuances behind the CCPA will ensure that they can comply with the new regulations while operating at the same or greater level of efficiency as before." 

Mihir Shah, CEO of StorCentric, parent company of Nexsan 

"Data and its security are incredibly valuable to any and all organizations, and now even more so with the imminent introduction of the California Consumer Privacy Act (CCPA).  For the best strategy to become compliant with this new regulation, a key feature of a storage solution should be data protection. Not all storage systems will protect data from integrity issues or silent data corruption. Not to mention, insufficient storage systems lack the ability to complete real-time audits for integrity checks."

"With CCPA becoming effective in the new year, it is critical to ensure that an organization's system will never overwrite an original file, and will keep the original intact so that nothing, including malware, can alter that data. For all organizations preparing for CCPA, seeking out storage systems that offer unmatched visibility into user activity via comprehensive audit trails, data retention, data destruction policies and more, is undoubtedly a critical change that needs to be undertaken sooner rather than later." 

Alan Conboy, Office of the CTO, Scale Computing

"Following the implementation of GDPR, the California Consumer Privacy Act (CCPA) is the newest regulation expected to help organizations manage and maintain data compliance, ensuring personal information is kept safe, and not shared or sold to other organizations. With technology innovation growing and expanding at a rapid pace, one way IT professionals are able to abide by CCPA is by designing solutions with data protection in mind. Organizations can prepare for CCPA's launch on Jan. 1, 2020 by setting in place an IT infrastructure that is stable and secure, with data simplicity and ease-of-use as a main focus."

##

Published Friday, November 22, 2019 7:35 AM by David Marshall
Filed under:
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
top25
Calendar
<November 2019>
SuMoTuWeThFrSa
272829303112
3456789
10111213141516
17181920212223
24252627282930
1234567