Data Privacy Day: 2020

While Data Privacy Day is today (January 28th), there’s been no shortage of privacy talk lately. Data privacy conversations ignited after the culmination the significant data breaches of the 2010’s – Target, Marriott, Equifax – in combination with large corporations, like Facebook, Google and Apple’s questionable handling of consumer data.  In response, governments passed regulations holding corporations accountable while innovative tools are helping organizations prioritize data protection and privacy.   

State of Data Privacy

Data privacy is two-fold.  There’s customer personal data and then there’s confidential business data.  Each important to protect in the IT ecosystem, and each valuable to hackers.  And because breaches revolve around data, it’s the IT team’s duty to stay updated on regulations and ensure the organization is taking the proper steps for data protection.  

ICYMI: 2020 Regulation Updates

California Consumer Privacy Act (CCPA) – The European Union regulation, GDPR has been the headline of consumer privacy laws since it went into effect in 2018.  This year, the highly anticipated CCPA is the latest data breach notification regulation to be passed in the States.  These regulations impact any company that has customers in the location – so for the CCPA, any customer in California.  Predictions believe this will become the national standard moving forward. Read a detailed overview of the law here. 

New York SHIELD Act- Following in California’s footsteps, the New York Senate has passed the New York Stops Hacks and Improve Electronic Data Security (SHIELD) Act.  Companies have until March 21, 2020 to become security compliant.  Any company that has private information of a New York Resident must comply with the regulation.  Here’s a recap from our SHIELD Act event to help prepare.  

Data Protection

The other side of data privacy is data protection.  As we work alongside companies to strengthen its security, we recommend the following tools to protect data and secure access. 

  • CyberArk. The CyberArk platform offers a line of defense against privileges account attacks.  The multi-layer approach has password management, session recording and data analytics. 
  • Fasoo.  The Fasoo framework is built through a combination of three layers.  Discover and Classify; Protect, Control and Trace; Analyze and Act.  Each layer works to secure unstructured data. 
  • KnowBe4.  A key piece in data protection is the end user. Keep employees up to date on their cyber security training with simulated phishing, vishing and smishing attacks that prepare them for real-life situations.  
  • Netskope. Netskope covers data protection across managed and unmanaged cloud services, apps and web traffic.  The continued adoption of cloud services and the now constant flow of data across platforms are creating additional gaps and require specific attention.  

As regulations continue to pass and data protection evolves, get ahead of the curve and ensure you meet the requirements.  We would love to help find the right solutions to meet your needs.  Reach out and we’ll connect you with one of our trusted advisors.