Via Proposition 24, voters updated the California Consumer Privacy Act (CCPA), amending some of the benchmarks but perhaps most importantly creating a new state enforcement arm called the California Privacy Protection Agency (CPPA).
Formerly handled by the California Attorney General’s Office, enforcement of CCPA standards and sanctions for violations for California’s nearly one million businesses will now be handled by this new group. While the overall proposition will not go into effect until 2023, the CPPA is expected to start operations in the second quarter of 2021.
While consumers and privacy advocates may see this as adding needed teeth to CCPA, businesses will now be under a greater microscope at a time when cyber attacks and breaches are exploding. Previously, California had somewhat limited ability and resources to probe reported CCPA violations. However, the new agency will have up to 50 investigators, likely signaling greater vigilance and, subsequently, more successful investigations and fines.
What does this mean for your business? If you haven’t gotten serious about CCPA compliance and remediation, it’s time to start.
Consider this: California is the national leader in reported cybercrime, with nearly 50,000 individuals reporting being victims of online crime in 2018. California also leads the nation in the number of records lost, with nearly 19 million since 2005 from over 5,750,000,000 data breaches. With a fine of $2500 per record for unintentional disclosures (and higher fines for intentional incidents), that is a staggering $47 BILLION in potential penalties.
Bottom line: the odds are very good your business will be involved in some way with a data breach over the next 24-48 months, and if you are not prepared, you may be facing millions of dollars in fines, and as much cost in lost reputation.
With the new agency expected to launch in a matter of months, California businesses must act now. And with several states reviewing CCPA as a model for their own privacy regulations, it’s smart for every organization to get in line with CCPA compliance.
As so many new privacy and cyber security regulations have been enacted in the last year, it can become difficult for many companies to understand their risk and responsibilities. We recommend three simple steps to protect both your customers’ privacy and your exposure to large fines:
1. Get a CCPA audit. This process will ensure you meet the CCPA standards and help protect you should a breach occur.
2. Get a cyber security assessment. Don’t confuse compliance with security. You can meet CCPA compliance and still get hacked. Having your perimeter secure is always the best way to avoid a breach and CCPA violations.
3. If you don’t have one, get a fractional Chief Information Security Officer. Modern security is more than a successful audit or assessment; it is an ongoing process. Having someone who will lead your organization in this regard is critical to avoiding breaches and maintaining privacy.
Not sure? Reach out. We are always available for a free consultation. Our team has a long history in this space.
United States Secret Service-Retired