COVID-19 IS NOT THE ONLY DANGER GOING VIRAL
Our rapid move to cyberspace during the pandemic has made companies more vulnerable, from a cybersecurity and data privacy perspective. Cybercriminals are exploiting our vulnerabilities and preying on our panic. Employees are distracted and somewhat disoriented, thus, more likely to make mistakes. In addition, many companies are finding their IT departments are strained due to an increased activity relating to the sudden move to a fully remote workforce. All of these factors will play into a company’s ability to respond to a malicious cyber attack or negligent disclosures of information. The speed, strength and effectiveness of a breach response may be not be up to par, right now. A delayed or uncoordinated response will most certainly result in higher costs to remediate and recover. Increased first party related costs as well as increased regulatory and liability risk.
California Consumer Privacy Act (CCPA): This recent California statute went into effect on January 1, 2020 and is the first of its kind in the United States. Its requirements will most likely set the stage for future privacy acts in other states. It affords consumers the following rights:
- Knowledge of what personal data is being collected and how it is
- being used
- Option to decline the sale of personal data.
- Access to their personal data.
- Right to request that a business to delete any personal information about a consumer
- Protection against discrimination for exercising their privacy rights.
General Data Protection Regulation (GDPR): Implemented in 2018, this regulation set guidelines for how to handle consumer data in the European Union. Although a foreign regulation, it also addresses data which crosses international lines.US-based companies with European operations and/or customers should be aware of GDPR requirements so that they are in compliance in the event of a breach.
STAYING COMPLIANT IN DIFFICULT TIMES:
Although the world seems to have stopped because of COVID-19, cybercriminals and the laws that protect consumers have not. Keep in mind these ways to stay abreast of the regulations1:
- Know what is required by the regulations
- Understand what consumer information you have and how you manage it
- Update Privacy Disclosures
- Create a Homepage Privacy Link
- Develop a Process for Handling Consumer Requests
- Identify and Implement System Changes
- Train Employees
- Strengthen Data Security
- In the event of a breach, notify your insurance carrier and appropriate authorities as soon as possible
COVID-19 AND CONSUMER PRIVACY (PDF)
HEIGHTENED CRISIS DOES NOT MEAN LOOSER REGULATIONS
In light of the pandemic, business leaders had asked the California Attorney General to delay CCPA enforcement until January 2021. The Attorney General denied the request, stressing there is “heightened value” to protecting consumer privacy during this crisis: “We encourage businesses to be particularly mindful of data security in this time of emergency.”