California Consumer Privacy Act... It’s Here
It is safe to say that 2020 has not progressed as planned for nearly everyone. However, some things have proceeded as scheduled. As of July 1, 2020, the California Consumer Privacy Act (CCPA) is officially in place. No doubt, you have seen the news articles and alerts about this new regulation. Some minor details still need to be pushed through, most notably the approval of the final regulation by the Office of Administrative Law (OAL). While this has caused some confusion, based on a June 2 press release, the California attorney general is committed to enforcing the CCPA if violations are not resolved within 30 days after AG-provided notice of alleged non-compliance.
Let’s dissect the reasons this is a significant regulation and provide an overview of key steps that organizations should be taking before enforcement begins.
The fact is that most organizations are terrible at protecting PII. The problem is exacerbated by how technology has exponentially increased data touchpoints (where, when and how quickly) and the types of data an organization can collect. PII is valuable and has become raw material in the manufacturing of evolving digital services. There is an individual benefit to this, the omnichannel experience of being able to quickly find the things you want, but there is a dark side as well. In a previous blog post, I referenced Shoshana Zuboff’s book The Age of Surveillance Capitalism, where she highlights that “We are now able to impede on individuals’ decision rights through extraction of the human experience for profit and influence.” You’ve likely experienced this phenomenon many times with the curious timing of a placed ad or a sudden email related to something you had recently researched (toasters anyone?). With this being an election year, you might recall events like the Facebook contagion experiment or the Cambridge Analytica scandal. Additionally, from a cybersecurity perspective, personal information related to particular life circumstances can be used against you to maximize the effectiveness of social engineering.
When it comes to the protection of PII, I don’t think organizations are complacent about it. In fact, many are striving to establish sustainable risk management and data protection programs that can adjust to ever-emerging privacy regulations. However, as part of the risk management aspect, we must consider that fines could simply be seen as “the cost of doing business,” as opposed to a real penalty that drives behavior. This is where CCPA is changing the playing field for organizations that “do business” in California, similar to how the European General Data Protection Regulation (GDPR) changed it in the EU. Significantly increasing the potential penalties for non-compliance, and deploying the resources to evaluate and enforce those penalties, is a game changer. A civil penalty under the CCPA may result in up to a $2,500 fine for each violation and up to a $7,500 fine “for each intentional violation.” These penalties can also accumulate quickly. For example, if a CCPA violation involves 100 consumers, the civil penalty could be up to $250,000 or up to $750,000 for intentional violations. Add to this that existing cyber insurance policies may not cover some exposures under the CCPA, and these potential penalties begin to shift the risk/reward balance.
Privacy regulation is continuing to evolve globally. The good news is that the various regulations taking effect are more alike than they are different. The CCPA is well-positioned to force a change in behaviors in the U.S. and just might be the impetus that enables organizations to build a holistic privacy management program.
Copyright © 2022 Optiv Security Inc. All rights reserved.