Across the United States, from California all the way to Maine, new laws have been enacted covering cybersecurity, privacy, data security, and breaches. But is your business prepared? Here are the new state privacy and security laws explained, along with how to get your business ready.
The California Consumer Privacy Act (CCPA)
It’s easy to see that federal legislation on issues such as security and privacy is always delayed. This time, many states are pushing through their own bills while waiting for federal-level legislation.
Currently sweeping the headlines is the California Consumer Privacy Act (CCPA), which was signed in June 2018.
It is believed to have been inspired by the European Union’s General Data Protection Regulation (GDPR), and its objective is to ensure that consumers can regulate the way their data is retrieved and used by companies.
The bill was set to be fully effective in January 2020.
Let’s take a closer look at some other state legislative moves on privacy and cybersecurity.
Nevada Senate Bill 220 Online Privacy Law
Even though most of the attention was directed towards the CCPA, the online privacy regulations of the state of Nevada, signed in May 2019, seem to be harsher.
This bill is an amendment to an existing Nevada law, and it stipulates that businesses must give their clients the opportunity to stop their personal data from being sold.
The bill was set to be fully effective on October 1, 2019. There are no new notice stipulations on the part of web operators. However, they are required to release some privacy policy info to the public. Most of that has to do with the information collected and how that data is distributed or shared.
Violators can be penalized as much as $5000 for every violation. Injunctions are also a possibility.
Maine Act to Protect the Privacy of Online Consumer Information
This bill was signed into law in June 2019 as a way of protecting consumer information in virtual space, and it was set to be fully effective in July 2020.
Companies that provide broadband internet services are not allowed to use, disclose, sell, or permit access to the personal data of consumers without the consumer’s permission.
There are just a few exceptions. Providers of broadband internet are also not allowed to deny their services to customers, or to penalize customers by making them pay more, simply because permission was denied.
Other Laws Have Been Enacted
In the same vein, other laws dealing with cyber and data security have been enacted in other states, including New York, Massachusetts, New Jersey, Maryland, Oregon, Texas, and Washington.
What this Means for Your Business
Although it seems like there is some time to spare pending the full activation of these regulations, they are coming! It would be wrong for you to wait until they are here before taking action.
It is essential that you begin now to analyze your security levels, not only with respect to how you can respond to incidents or how many patches you’ve got installed. Businesses must carry out security analysis based on processes dedicated to ensuring that vulnerabilities with respect to privacy and cybersecurity are avoided.
What this implies is that time will prove to be a vital element in keeping data secure. Measurements of security levels must be carried out by taking into consideration the amount of time dedicated to carrying out software tests, as well as the amount of time used in the maintenance of deployed software.
How to Ensure that Your Business is Ready
If your company is involved in the business of software creation or distribution, here are two key strategies that can help you prepare your business for the future:
1. Concentrate effort on security processes
When designing and deploying software, efforts should be concentrated on incorporating security processes early and, where possible, regularly.
A wide range of techniques can be used to do this. Many software developers are already treading this path by bringing in security personnel once the process starts.
If your business buys software, consistently monitor attack surfaces, and make sure that you’ve got a team that constantly probes your networks.
2. Maintain a balance between available resources and data to be protected
Companies must ensure that there is a connection between the resources invested in security and privacy, and how complex and voluminous the code to be protected is.
As the software’s code grows or its user base expands, it is imperative that firms multiply every effort invested to ensure that their users are secured and that their privacy is protected.
The Way Forward for Businesses
Regardless of the processes you choose to adopt, your company needs to show that it is a proactive player when it comes to controlling security and privacy. It should be treated as a core necessity and not a process that comes up as an afterthought.
This means that your company needs to track the valuable resources and time expended on software tests and security processes.
It’s important to secure the entire company network. This can be done by conducting regular security awareness training for employees and by ensuring every employee is well-equipped with the best security tools. That way, you do not leave a footprint that can be traced back to you.
As we invest more and more of our time utilizing systems that are based on software, we all must come together to promote the security of these systems.
That way, there will be dedicated personnel investing time and valuable resources to keep software safe at all times.