If you heard a collective groan emanating from the American west last week, it wasn’t just from the heatwave. No, the hand-wringing and panic attacks are taking place inside Chief Compliance Officer (CCO) and CSO offices. California has just passed the California Consumer Privacy Act of 2018. This new law offers residents of California privacy rights comparable to those of the EU’s GDPR.
Starting in January 2020, consumers in California will have the right to request that a business disclose the personal information it is collecting about them. They can request deletion of personal data. California businesses will have to disclose what information they collect. This adds to existing California law mandating breach notifications to consumers.
More Privacy Rules Are Coming
We are on the verge of more rigorous, sweeping regulations regarding cyber security. Data privacy is already a hot issue, as this new law attests. The California law is just one small step in this direction, but a lot more is coming. The recent news that Utah’s state government is now deflecting a billion hacking attempts per day suggests that some heavy-handed access control rules are coming. CCOs and CSOs will have to make compliance part of their departments’ workloads. To make this work, without adding excessively to budgets or simply expanding deficient controls, security managers would do well to rethink their basic approaches to securing data privacy.
Alignment of Public Policy and Cyber Policy
In this legislative and compliance environment, it is a best practice to align an organization’s cyber policy with public policy. Compliance can’t be an afterthought. It is not economical or efficient (or secure, for that matter) to design a system and then figure out how it will ensure privacy. The public policies regarding privacy or other security measures must be taken into account at the policy-setting stage and implemented from there.
Luminate just passed the rigorous SOC2 Type II certification, becoming the first secured access cloud service provider to be GDPR ready. With this foundation, the company is poised to tackle American privacy laws as well as those in the EU. The certification process confirms that the Luminate platform complies with the privacy principles in the delivery of service to its customers. In the GDPR context, the Luminate Secure Access Cloud™ platform provides GDPR-mandated measures of data access visibility and governance.