As California’s privacy legislation goes into effect, it’s time to take stock of your security strategies around data and think about the future. The trend towards greater privacy is set to continue.
The big data grab drove companies to stockpile data, with little thought of how to use it, and even less thought about how to properly secure it. People everywhere are growing more conscious of the data they share, who collects it, and how it is handled. This rising awareness has sparked legislation designed to safeguard sensitive data, but these new laws aren’t just boxes to tick off. They represent an important trend that businesses need to get on board with.
Like the EU’s General Data Protection Legislation (GDPR), the California Consumer Privacy Act (CCPA) is a far-reaching attempt to enshrine new rights for people around their data. Everyone should be able to see what data is being collected and for what purpose, and to decide, without penalty, that they don’t want to share data.
You could study what the CCPA means for your business and work out how to comply in fire-fighting mode, then wait for the next piece of data legislation. But that’s short-term thinking, and it will cost you more in the long run. The smarter move is to use the CCPA as a springboard to re-examine your data security efforts, fundamentally change the way you collect and use sensitive data and get your house in order.
There are three key areas to consider: how you collect data, how you store data, and how you distribute data.
Interrogate your data collection
The tide has changed on sensitive data, and the GDPR and CCPA are just the first couple of waves. It would be safe to assume that regulations will continue to tighten, and more laws will follow. By re-examining the data your business collects and thinking critically about the value it represents, you can decide how much of it is necessary. You may find it is better to stop collecting some kinds of data.
Talk to all key stakeholders about the data your business is collecting. Identify the critical data for your business processes and cross-reference that with all the personal data you collect on people that falls under the CCPA. Consider that any personal data you collect about people and their habits, from email addresses to browsing history to specific preferences, is data that you’re going to have to make accessible on request.
Once you have a map of the data that’s essential to your business, you can start thinking about how to classify, store, move, and protect it.
Secure your data storage
The potential cost of a data breach is enormous, and that’s why companies already have all kinds of security measures in place to protect most of the sensitive data they hold, such as credit card numbers, birth dates, and addresses. Despite this, there are still some kinds of data that may not be as protected as they should be, and there are also times when data is not transferred securely, or when it is used insecurely in other environments.