While reputation and consumer privacy are the biggest drivers for CCPA compliance, only 55% of companies plan to be ready by the law’s Jan. 1, 2020 effective date, according to new OneTrust and IAPP research.
https://twitter.com/morodog/status/1123852893826813953
Jonathan Deveaux, Head of Enterprise Data Protection at comforte AG:
“GDPR ‘raised the bar’ for data privacy awareness for companies in the US because the regulation put privacy controls in the hands of the consumer. CCPA is similar in this regard, as the law will require organizations to provide consumers with legal ‘rights’ based on the data collected. Organizations must offer data protection for personal information, and be ready by January 1, 2020, to execute on consumers’ rights to request information, delete their data (Right to be Forgotten), or opt-out of data collected.
Part of the lack of confidence in CCPA-readiness for many organizations surrounds the use of data. The vast amounts of data collected and used for monetization and business growth have added to the complexity of managing and securing data. Ask any IT professional today if they know where all of their data is stored, and most are not 100 percent confident in the answer. Organizations need to determine what kind of data they have, where it is, how they are using it, and who has access to it.
The threat of large fines from non-compliance with GDPR still draws a lot of attention. Look at the recent fine for Google of over $56 million for non-compliance in France. CCPA may generate similar fears as organizations may be fined $750 per record in violation of the law. For example, an organization exposing the personal information of 60,000 consumers calculates to a $45 million fine!
Companies should focus now on protecting all sensitive and personal data. Deploying technologies that focus on securing the data itself provides companies with a head start to executing on consumer rights as listed in the CCPA.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.