Corporate Compliance Insights

Data Privacy Compliance is Getting Tricky…

How a Holistic View of Your IT Estate Can Help You Navigate Compliance Requirements

by Arthur Lozinski
November 20, 2020
in Data Privacy, Featured

The regulatory and compliance environment is becoming increasingly complex at a time when the IT industry is undergoing massive disruption. Oomnitza’s Arthur Lozinski offers several regulatory considerations that need to be taken in managing the IT estate.

The enforcement period for the new California Consumer Protection Act (CCPA) started only on July 1 of this year, and there are already a half-dozen class-action lawsuits in motion against California companies. The law may also apply to companies that are not doing business explicitly in California but are serving customers located in California (and given California’s population, this is a huge expansion in applicability).

Then there is the new Lei Geral de Proteção de Dados (LGPD), Brazil’s version of the CCPA. Europe’s General Data Protection Regulation (GDPR) continues to evolve, even as each state in the European Union continues to enjoy considerable leeway for deciding what is a violation and what fines should be for GDPR violations.

As if all of this weren’t confusing enough, a patchwork of laws in the U.S. is now starting to generate class-action lawsuits or regulatory enforcement, often against out-of-state companies. On July 21, the New York State Department of Financial Services announced its first-ever cybersecurity enforcement action against First American Title Insurance, a publicly traded financial services company based in Southern California, for allegedly failing to patch known vulnerabilities. This failure allegedly resulted in over 800 million sensitive financial records being exposed on the public internet over the course of five years.

Without Accurate Cross-Silo ITAM, Compliance is Slow and Painful

This puts companies without an effective IT Asset Management (ITAM) system that automatically updates all IT asset inventories (hardware, software, cloud, etc.) at a distinct – and potentially expensive – disadvantage.

All of these laws have their own nuances around coverage, liability and expected corporate behaviors. IT departments and the audit and compliance teams now face a confusing landscape; a lawsuit or enforcement action can come from almost any direction. Across the CCPA, the different country-specific approaches to GDPR, the impending LGPD in Brazil, other state laws in the U.S. and now New York’s own enforcement, complying with an ever-growing web of IT compliance regulations is rapidly becoming expensive, complicated and mandatory.

Knowing – or being able to quickly find – where an asset is located, who owns the asset and the state of security controls on the asset is becoming a critical piece of complying with legal requirements to demonstrate best efforts for security. This requirement is common among the various privacy laws, but it is particularly broad with the CCPA. While there are various endpoint management tools that validate controls, these tools cannot replace ITAM as a backbone for understanding the ownership, status and location of an asset. Ownership is also key to the attestations at the core of compliance with SOC2 and other compliance standards that are, with increasing frequency, legally required for the provision of technology services from one business to another.

Few Companies Are Prepared for CCPA. COVID Has Set Them Back

If your company is prepared even for just CCPA, it is in the minority. In a survey of general counsels released in June 2020 by the data privacy firm Ethyca, only 31 percent said they are prepared for the California law. For the other 69 percent, it’s reasonable to assume they are also not prepared for the Brazil law or the newly aggressive enforcement posture of New York.

The Ethyca survey further found that while the majority of companies are planning to dedicate more resources to compliance with CCPA, the COVID crisis has pushed out these efforts. Meanwhile, it’s clear that the pace of class-action suits is accelerating in this vacuum, as class-action attorneys seek to test the boundaries of this expansive law with a raft of litigation.

At the base of all compliance efforts with CCPA and other privacy laws is a rock-solid, real-time accounting of all the IT assets that an organization has in place and confidence that all IT assets are properly accounted for. For a quick, back-of-the-envelope test of your compliance capability, an IT department, CIO or CISO can ask the following questions:

  • How confident are you in the accuracy of your IT asset inventory?
  • How confident are you that there is no overlap between different static ITAMs?
  • How quickly can you associate a breach with an asset and an individual?
  • How fresh is your IT asset inventory?
  • Do you know the geographic location of every asset?
  • What percentage of assets have security controls installed?

If you can’t answer these questions quickly, or if your answers are not ones you would be comfortable sharing with an external audit team or an opposing attorney, then think about whether CCPA and the thicket of other laws can be a positive catalyst to finally get your arms around more effective and efficient ITAM. There is a vast host of regulators and attorneys looking for the slightest excuse to extract millions in fines from your company. A fully integrated ITAM can help mitigate or eliminate this risk – and at a price point that is substantially below the potential fines. The growing legal and financial risk makes this the right thing to do.


Arthur Lozinski

Arthur Lozinski is the Co-Founder and CEO of Oomnitza, a leading technology solution that delivers a platform to secure and manage a corporation’s digital estate. He joined Trent Seed, Co-Founder and CTO of Oomnitza, in 2011 to realize the vision for the company and establish a new way of tracking, mapping, and managing anything that could be connected to the internet. For nearly a decade, Oomnitza has grown to manage tens of millions of assets across hundreds of companies ranging from fast-growing startups to Fortune 500 giants. Oomnitza is constantly evolving to deliver trustworthy data, extensible cross-discipline automation and actionable insights that allow machines to manage machines and humans to work smarter. Prior to founding Oomnitza in 2011, Arthur worked full-time at SAP as a technical project manager. Helping to manage a team at SAP that facilitated complex proof-of-concept software tests for potential customers, Lozinski thrived in the fast-paced, high-stakes environment of enterprise sales.
