Enterprise Strategy Group (ESG) - an IT analyst, research, validation and
strategy firm - and Fortanix Inc., the Runtime Encryption company, today
announced results of the ESG industry report focused on compliance
guidelines for the California Consumer Privacy Act (CCPA), the California
law protecting consumers from mismanagement of their personal data by companies
doing business in California that went into effect Jan. 1. The report
highlights that encryption provides the best defense against any fines that
might be levied for violations or data breaches under CCPA.

The report also reveals that CCPA
applies data breach sanctions only if companies fail to protect personal
data with encryption or redaction. If personal information is protected with
appropriate data security measures, it cannot be used by unauthorized parties,
so consumers are left unharmed. Encrypted data that is stolen remains
unintelligible, protecting the identity and personal information of its owner
and mitigating risk for the business.

"Encryption is a security strategy that will protect sensitive data such as the personal
information covered by CCPA," wrote Christophe Bertrand, ESG senior analyst.
"It protects an organization from scenarios like a devastating breach where
hackers gain access to systems containing personal data. It is important to
implement encryption throughout the data lifecycle, including while data is at
rest in a storage layer, while it is in transit over networks, and while it is
in use by applications in the memory of the operating system."

For a copy of the ESG study, see fortanix.com/ccpa.

"Also, consider that personal customer data should be encrypted whether it exists in
public cloud storage, in software-as-a-service (SaaS) applications such as CRM,
or throughout your supply chain, in addition to your internal data center
systems," Bertrand continued in the report. "Organizations need to implement
advanced data classification, data anonymization, data masking, encryption,
security, and access controls in order to set themselves up for successful
compliance. ESG believes that many organizations are only ready on the surface
- with marketing opt-in/out processes, for example."

The California Consumer Privacy Act is landmark
consumer privacy legislation. Often compared to GDPR, CCPA protects consumers
from mismanagement of their personal data and gives them control over what data
is collected, processed, shared, or sold by companies doing business in
California. This act is the strongest privacy legislation enacted in any state,
giving more power to consumers with regard to their private data. With many
experts predicting that other states will pass similar legislation in the
coming years, companies across the US that take proactive steps today to better
protect consumer data will be best equipped for future regulations.

"With the increase in regulatory penalties and devastating data breaches we have
seen, protecting the privacy of customer data is a strategic imperative for
business," said Ambuj Kumar, CEO of Fortanix. "The most reliable and efficient
method of both protecting customer data and avoiding regulatory penalties is to
encrypt all customer data throughout its lifecycle - while at rest, in motion,
and while in use by applications."

The "California Consumer Privacy Act (CCPA) Compliance Guide" is an update to an
ESG industry report published last year. The update was commissioned by
Fortanix to include new information and findings in the report after the law
went into effect.