Enterprise Strategy Group (ESG), an IT analyst, research and strategy firm, has announced the results of its report into compliance guidelines regarding the California Consumer Privacy Act (CCPA).
The study, which was carried out in partnership with runtime encryption company Fortanix, sheds light on how encryption can significantly help organisations mitigate the risk of falling foul of the CCPA, which came into effect on the first day of 2020.
The report also reveals that CCPA applies data breach sanctions only if companies fail to protect personal data with encryption or redaction. If personal information is protected with appropriate data security measures, it cannot be used by unauthorized parties, so consumers are left unharmed. Encrypted data that is stolen remains unintelligible, protecting the identity and personal information of its owner and mitigating risk for the business.
“Encryption is a security strategy that will protect sensitive data such as the personal information covered by CCPA,” wrote Christophe Bertrand, ESG senior analyst.
“It protects an organization from scenarios like a devastating breach where hackers gain access to systems containing personal data. It is important to implement encryption throughout the data lifecycle, including while data is at rest in a storage layer, while it is in transit over networks, and while it is in use by applications in the memory of the operating system.”
“Also, consider that personal customer data should be encrypted whether it exists in public cloud storage, in software-as-a-service (SaaS) applications such as CRM, or throughout your supply chain, in addition to your internal data center systems,” Bertrand continued in the report.
“Organizations need to implement advanced data classification, data anonymization, data masking, encryption, security, and access controls in order to set themselves up for successful compliance. ESG believes that many organizations are only ready on the surface – with marketing opt-in/out processes, for example.”
The California Consumer Privacy Act is landmark consumer privacy legislation. Often compared to GDPR, CCPA protects consumers from mismanagement of their personal data and gives them control over what data is collected, processed, shared, or sold by companies doing business in California.
This act is the strongest privacy legislation enacted in any state, giving consumers more power over their private data. With many experts predicting that other states will pass similar legislation in the coming years, companies across the US that take proactive steps today to better protect consumer data will be best equipped for future regulations.
“With the increase in regulatory penalties and devastating data breaches we have seen, protecting the privacy of customer data is a strategic imperative for business,” said Ambuj Kumar, CEO of Fortanix.
“The most reliable and efficient method of both protecting customer data and avoiding regulatory penalties is to encrypt all customer data throughout its lifecycle – while at rest, in motion, and while in use by applications.”
The “California Consumer Privacy Act (CCPA) Compliance Guide” is an update to an ESG industry report published last year. The update was commissioned by Fortanix to include new information and findings in the report after the law went into effect.