Complete Network’s cybersecurity expertise helps businesses deal with increasingly rigorous data privacy standards, like California’s CCPA and New York’s SHIELD
Data privacy has now become a headline issue for many Americans. In response to large-scale data breaches and the questionable collection and use of data by major businesses, several states, including Massachusetts and Hawaii, have already passed new data privacy legislation. Other states, like Connecticut and Pennsylvania, seem intent on passing new legislation this year.
The two laws that are getting the most attention from the business community are the California Consumer Privacy Act (CCPA) and New York’s Stop Hacks and Improve Electronic Data Security (SHIELD). There are several reasons these laws are so important. The first is that they’re strict, occasionally exceeding the scope of the General Data Protection Regulation (GDPR) that caused significant regulatory trouble for U.S. companies in 2018.
Another reason CCPA and SHIELD matter is that both laws apply not just to businesses located in California and New York, but to any company that does business with entities in those two states.
Here’s how Complete Network’s cybersecurity and compliance expertise helps businesses decisively meet the challenges of new data privacy legislation.
Identify and Protect Personally Identifiable Information
Research shows that most companies are not ready for the new compliance standards. One of the challenges that companies have is determining which information they need to protect in order to be compliant.
Here’s how the two laws define personally identifiable information (PII):
NY’s SHIELD lays out a clear definition of protected data.
- Social security numbers
- Credit or debit card numbers
- Financial account information (or information that permits access to financial accounts)
- Driver’s license numbers
- Biometric information, including fingerprint data, voice print, or retina scans
CCPA provides a broader, more inclusive definition of protected data.
Personal information is data that identifies, relates to, describes, or is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
The intentional ambiguity around “household” is designed to stop businesses from circumventing the law: it protects everyone using a single PC.
At the beginning of each compliance engagement, Complete Network will sit down with your team to help you analyze your technology and identify relevant PII. Only once you have clear visibility into the location and nature of those data assets can you begin to build a meaningful compliance program.
Achieving and Maintaining Compliance with Rigorous Data Security Controls
Both CCPA and SHIELD require that businesses have “reasonable” security controls in place to protect consumer data. Because of the ambiguity involved in assessing and implementing “reasonable” security, most businesses choose to partner with a compliance expert like Complete Network to help them make that determination with confidence.
Complete Network’s virtual chief information officers (vCIOs) help companies achieve dependable compliance by providing safeguards that address compliance risks throughout your organization.
Complete Network has 20 years of experience building and configuring technology solutions that protect PII as it moves through or is stored by your network technology. Here are just a few ways that we define strong technical controls:
- Continuous network assessments of network architecture and software systems
- Processes for detecting, preventing, and responding to cyberattacks or network outages
- Regular testing and monitoring of all network systems, including vulnerability scanning, anti-malware software, security information and event management (SIEM) systems, and more
Administrative safeguards make sure that your people and processes are properly supporting your technical controls. The Complete Network vCIO team can help you implement administrative controls that are customized to the needs of your business or organization, including:
- Training employees in cybersecurity best practices
- Implementing password management strategies to help maintain data integrity
- Defining clear lines of communication and responsibilities around data privacy
An often-overlooked aspect of security, physical controls ensure that your office itself is secured with the proper techniques to keep data away from unauthorized individuals. Physical safeguards your company should have in place include intrusion detection systems, controls that limit access to customer data after it’s been collected, and processes for the proper transportation and destruction of customer data after it’s been discarded.
The Importance of Building and Maintaining a Data Inventory
Another important tool in building a robust data privacy program is an inventory of the consumer data your organization holds. This record, called a data inventory, will help you see how sensitive data is shared, stored, and processed by your business, shedding light on areas of weakness.
Creating a data record is particularly important in relation to CCPA compliance. Under the new law, businesses must be able to provide consumers with a full accounting of the personal data they’ve collected from them. Without a clear sense of where consumer data is in your systems, fulfilling those requests in a systematic, timely way will be almost impossible.
The Process of Building a Data Inventory:
• Find personal data in each system and department
• Determine the scope and of relevant data assets
• Analyze data privacy and retention policies
• Create appropriate records in existing databases
• Ensure data can be retrieved in a useable format
• Recommend optimizations in data handling procedures
This record isn’t designed to be fixed or static. Instead, it’s a living document that’s designed to evolve with your business and show how your business processes and data interact. As such, a data inventory will likely require ongoing effort to maintain.
The Complete Network Team Can Help You Prepare for SHIELD and CCPA
Because of the complexity and vigilance involved, most businesses need help achieving and maintaining compliance. For over 20 years, the Complete Network team has been providing businesses in both Albany, New York and Charlotte, North Carolina with dependable expertise that helps them address their compliance requirements with confidence.
If your business is concerned about its ability to prepare for SHIELD or CCPA and would like to speak with an expert, we’d be happy to talk with you and answer your questions. Contact our team any time at 877.877.1840, or email us at [email protected].
The team at Complete Network can help you understand and comply with any new data regulation. Schedule a comprehensive consultation today.