Thursday, February 25, 2021
Corporate Compliance Insights

Data Privacy Compliance is Getting Tricky…

How a Holistic View of Your IT Estate Can Help You Navigate Compliance Requirements

by Arthur Lozinski
November 20, 2020
in Data Privacy, Featured

The regulatory and compliance environment is becoming increasingly complex at a time when the IT industry is undergoing massive disruption. Oomnitza’s Arthur Lozinski offers several regulatory considerations to keep in mind when managing the IT estate.

The enforcement period for the new California Consumer Privacy Act (CCPA) began on July 1 of this year, and there are already a half-dozen class-action lawsuits in motion against California companies. The law may also apply to companies that are not explicitly doing business in California but are serving customers located there (and given California’s population, this is a huge expansion in applicability).

Then there is the new Lei Geral de Proteção de Dados (LGPD), Brazil’s version of the CCPA. Europe’s General Data Protection Regulation (GDPR) continues to evolve, even as each member state of the European Union retains considerable leeway in deciding what counts as a violation and what the fines for GDPR violations should be.

As if all of this weren’t confusing enough, a patchwork of laws in the U.S. is now starting to generate class-action lawsuits or regulatory enforcement, often against out-of-state companies. On July 21, the New York State Department of Financial Services announced its first-ever cybersecurity enforcement action against First American Title Insurance, a publicly traded financial services company based in Southern California, for allegedly failing to patch known vulnerabilities. The unpatched flaw allegedly left over 800 million sensitive financial records exposed on the public internet over the course of five years.

Without Accurate Cross-Silo ITAM, Compliance is Slow and Painful

This puts companies without an effective IT Asset Management (ITAM) system that automatically updates all IT asset inventories (hardware, software, cloud, etc.) at a distinct – and potentially expensive – disadvantage.

All of these laws have their own nuances around coverage, liability and expected corporate behavior. IT departments and the audit and compliance teams now face a confusing landscape in which a lawsuit or enforcement action can come from almost any direction. Across the CCPA, the different country-specific approaches to GDPR, the impending LGPD in Brazil, other state laws in the U.S. and now New York’s own enforcement, complying with an ever-growing web of IT compliance regulations is rapidly becoming expensive, complicated and mandatory.

Knowing – or being able to quickly find – where an asset is located, who owns it and what security controls are in place on it is becoming a critical part of meeting the legal requirement to demonstrate best efforts at security. This requirement is common to the various privacy laws, but it is particularly broad under the CCPA. While various endpoint management tools can validate controls, they cannot replace ITAM as the backbone for understanding the ownership, status and location of an asset. Ownership is also key to the attestations at the core of SOC 2 and other compliance standards, which are increasingly a legal requirement when one business provides technology services to another.

Few Companies Are Prepared for CCPA. COVID Has Set Them Back

If your company is prepared even for just the CCPA, it is in the minority. In a survey of general counsel released in June 2020 by the data privacy firm Ethyca, only 31 percent said they are prepared for the California law. For the other 69 percent, it is reasonable to assume they are also not prepared for the Brazilian law or the newly aggressive enforcement posture of New York.

The Ethyca survey further found that while the majority of companies are planning to dedicate more resources to compliance with CCPA, the COVID crisis has pushed out these efforts. Meanwhile, it’s clear that the pace of class-action suits is accelerating in this vacuum, as class-action attorneys seek to test the boundaries of this expansive law with a raft of litigation.

At the base of all compliance efforts with the CCPA and other privacy laws is a rock-solid, real-time accounting of all the IT assets an organization has in place and confidence that every one of them is properly accounted for. An IT department, CIO or CISO can use the following questions as a quick, back-of-the-envelope test of compliance capability:

  • How confident are you in the accuracy of your IT asset inventory?
  • How confident are you that there is no overlap between the different static ITAM inventories you maintain?
  • How quickly can you associate a breach with an asset and an individual?
  • How fresh is your IT asset inventory?
  • Do you know the geographic location of every asset?
  • What percentage of assets have security controls installed?

If you can’t answer these questions quickly, or if your answers are not ones you would be comfortable sharing with an external audit team or an opposing attorney, then think about whether CCPA and the thicket of other laws can be a positive catalyst to finally get your arms around more effective and efficient ITAM. There is a vast host of regulators and attorneys looking for the slightest excuse to extract millions in fines from your company. A fully integrated ITAM can help mitigate or eliminate this risk – and at a price point that is substantially below the potential fines. The growing legal and financial risk makes this the right thing to do.
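The checklist above is easier to answer honestly when the silo exports are actually reconciled rather than eyeballed. The following is an added example, not code from the article or from Oomnitza: it merges two constructed inventory exports from hypothetical silos (an MDM export and a cloud inventory, both invented here) by normalized serial number, reports overlap, field conflicts, stale records, missing owners and locations, and the share of assets with an endpoint control installed, and ties a hostname seen in a breach back to an owner. Field names, the `edr` flag and the 30-day freshness threshold are assumptions for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample exports (not real data) from two hypothetical inventory silos.
# The same laptop appears in both with different casing, and the cloud-side
# record is missing its location; one cloud host has no recorded owner.
MDM_EXPORT = [
    {"serial": "ABC123", "hostname": "lt-alice", "owner": "alice", "location": "US-CA",
     "edr": True, "last_seen": "2020-11-19T08:00:00Z"},
    {"serial": "DEF456", "hostname": "lt-bob", "owner": "bob", "location": "BR-SP",
     "edr": False, "last_seen": "2020-06-01T12:00:00Z"},
]
CLOUD_EXPORT = [
    {"serial": "abc123", "hostname": "LT-ALICE", "owner": "alice", "location": "",
     "edr": True, "last_seen": "2020-11-20T09:30:00Z"},
    {"serial": "i-0a1b2c", "hostname": "web-01", "owner": "", "location": "EU-DE",
     "edr": True, "last_seen": "2020-11-20T10:00:00Z"},
]
NOW = datetime(2020, 11, 20, 12, 0, tzinfo=timezone.utc)  # constructed reference time


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the (constructed) exports."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def merge_inventories(sources):
    """Merge several silo exports into one inventory keyed by normalized serial.

    Returns (assets, conflicts). Each asset records which sources reported it;
    a conflict is a field on which two sources disagree while both are non-empty.
    """
    assets, conflicts = {}, []
    for name, records in sources.items():
        for rec in records:
            key = rec["serial"].strip().lower()
            norm = dict(rec, serial=key, hostname=rec["hostname"].strip().lower())
            if key not in assets:
                assets[key] = dict(norm, sources=[name])
                continue
            cur = assets[key]
            for field in ("hostname", "owner", "location"):
                if cur[field] and norm[field] and cur[field] != norm[field]:
                    conflicts.append((key, field, cur[field], norm[field]))
                elif not cur[field]:
                    cur[field] = norm[field]  # fill a gap from the other silo
            # Trust the most recently observed record for the control state.
            if parse_ts(norm["last_seen"]) > parse_ts(cur["last_seen"]):
                cur["last_seen"], cur["edr"] = norm["last_seen"], norm["edr"]
            cur["sources"].append(name)
    return assets, conflicts


def locate(assets, hostname):
    """Tie a hostname seen in a breach back to an asset, its owner and location."""
    wanted = hostname.strip().lower()
    for asset in assets.values():
        if asset["hostname"] == wanted:
            return {"serial": asset["serial"], "owner": asset["owner"],
                    "location": asset["location"]}
    return None  # unknown host: the inventory itself is the finding


def compliance_summary(sources, now, max_age_days=30):
    """Answer the checklist questions from the merged inventory."""
    assets, conflicts = merge_inventories(sources)
    cutoff = now - timedelta(days=max_age_days)
    covered = sum(1 for a in assets.values() if a["edr"])
    return {
        "asset_count": len(assets),
        "overlapping": sorted(k for k, a in assets.items() if len(a["sources"]) > 1),
        "conflicts": conflicts,
        "stale": sorted(k for k, a in assets.items() if parse_ts(a["last_seen"]) < cutoff),
        "no_owner": sorted(k for k, a in assets.items() if not a["owner"]),
        "no_location": sorted(k for k, a in assets.items() if not a["location"]),
        "control_coverage": round(covered / len(assets), 2) if assets else 0.0,
    }


if __name__ == "__main__":
    sources = {"mdm": MDM_EXPORT, "cloud": CLOUD_EXPORT}
    for key, value in compliance_summary(sources, NOW).items():
        print(f"{key}: {value}")
    print("breach on LT-Alice ->", locate(merge_inventories(sources)[0], "LT-Alice"))
```

Two design choices matter here: records are keyed on a normalized hardware serial rather than hostname, because hostnames are reused and re-cased across silos, and control state is taken from the freshest record rather than OR-ed across sources, so a tool that last saw the device months ago cannot vouch for it today. Every empty list in the summary is a question you can answer confidently; every non-empty one is the gap an auditor or opposing attorney would ask about.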


Arthur Lozinski

Arthur Lozinski is the Co-Founder and CEO of Oomnitza, a leading technology solution that delivers a platform to secure and manage a corporation’s digital estate. He joined Trent Seed, Co-Founder and CTO of Oomnitza, in 2011 to realize the vision for the company and establish a new way of tracking, mapping, and managing anything that could be connected to the internet. For nearly a decade, Oomnitza has grown to manage tens of millions of assets across hundreds of companies ranging from fast-growing startups to Fortune 500 giants. Oomnitza is constantly evolving to deliver trustworthy data, extensible cross-discipline automation and actionable insights that allow machines to manage machines and humans to work smarter. Prior to founding Oomnitza in 2011, Arthur worked full-time at SAP as a technical project manager. Helping to manage a team at SAP that facilitated complex proof-of-concept software tests for potential customers, Lozinski thrived in the fast-paced, high-stakes environment of enterprise sales.