Corporate Compliance Insights
Preparing for Stronger Data Privacy Law Based on GDPR and CCPA

by Arshad Noor
November 20, 2018
in Data Privacy, Featured

3 Steps to Bolster Privacy

The California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) may signal a coming global standard for data protection. Why? Business. The pressure is ever increasing to protect data, meaning we are likely to see an uptick in individual state data protection laws here in the U.S. and more outside the U.S. and the EU. Here are three practical steps to take toward ensuring stronger data privacy for customers.

No doubt, since May you’ve experienced an influx of emails from every company you’ve ever done business with, letting you know about their updated privacy policies. This was due to GDPR going into effect. These emails varied in their compliance with the new regulation; some did it right by asking for explicit consent for their new policies. Many others just sent emails saying they assumed your implied consent, meaning that if you don’t unsubscribe, they assume you consent. Yet others didn’t even bother to send that kind of noncompliant email.

Data Privacy Law is Evolving

Your organization falls into one of those three groups. Delaying compliance remains a risk, even for businesses with U.S.-only consumers. The California Consumer Privacy Act (CCPA) has already been passed. California law tends to be a harbinger of things to come — in 2003, they passed the nation’s first breach disclosure law. While there is still no federal law on breach disclosures, it mandated the disclosure of breaches involving 500 people or more, and there are more than 40 states with disclosure laws on their books (thanks to federal inaction).

In light of Facebook’s Cambridge Analytica scandal and the large data breaches in the first half of 2018 alone, it’s possible that CCPA and GDPR are just the beginning of what will eventually become a global standard for data protection.

Instead of having to comply with a mishmash of more than 40 inconsistent state laws and GDPR (not to mention other countries’ laws), companies will find it cheaper to comply with one global policy that mimics GDPR. So, despite GDPR applying only to EU residents and CCPA applying only to California residents, the types of restrictions on data acquisition, storage and sharing are likely to become an international business problem, not solely a European one.

The goal of this spate of privacy laws is to help companies be more mindful of what consumer data they have, where they keep it and how they can be more responsible with it. The most obvious result of these privacy laws, however, is encouraging transparency and information about how, when and where data is used and stored.

In fact, according to a study conducted by researchers at the Ruhr-Universität Bochum in Germany and the University of Michigan in the U.S., since GDPR went into effect, the most notable change has been “the rise of cookie consent banners, which now greet European web users on more than half of all websites, informing about the websites’ cookie practices.” They go on to note that “While seemingly positive, the increase in transparency may lead to a false sense of privacy and security for users.”

Moving Toward Stronger Privacy

Giving data over to someone is an act of trust. It’s been an implicit trust until now, when GDPR mandated that it must be explicit. Whenever data is exchanged, it should be kept safe using the strongest measures available – regardless of whatever laws are in place. Consumers today expect and are now demanding nothing less.

Here are three practical steps to take toward ensuring stronger data privacy for customers:

  1. If you don’t already have one, put up a cookie consent banner. Link this to your privacy policy so that customers and prospects can decide for themselves whether they want to comply.
  2. Conduct a data audit to understand where in your organization personal data is held, who has access to it and for how long. This is a major step in ensuring you can keep data safe, because first you have to know where it is and how your organization uses it.
    As much as possible, store sensitive information on-site, where it remains directly secured by you, with highly controlled access. The cloud (along with cloud-based applications) is an attractive business convenience, but make sure you understand the potential vulnerabilities and be discerning about what data you do and do not upload to the cloud.
  3. Work toward a GDPR- and CCPA-compliant system with policies in place to keep it that way. Since California law is often a precursor to federal law, act as though CCPA applies to you even if it currently doesn’t.

Until a federal law consolidates all the varied requirements, enterprises will need to anticipate stronger data privacy regulations and plan accordingly. To any businesses struggling to comply with GDPR or CCPA, may this encourage you to move forward and protect consumers’ data – the right way and right away.


Tags: California Consumer Privacy Act (CCPA), Data Breach, GDPR

Arshad Noor

Arshad Noor is the CTO of StrongKey, a Silicon Valley and Durham, North Carolina-based company focused on securing data through key management, strong authentication, encryption and digital signatures. He has 32 years of experience in the information technology sector, of which more than 19 were devoted to designing and building key-management infrastructures for dozens of mission-critical environments around the world. He has been published in periodicals and journals, has authored XML-based protocols for two Technical Committees at OASIS and represents StrongKey at the FIDO Alliance. He is also a frequent speaker at forums such as RSA, ISACA, OWASP and the ISSE. He can be reached at arshad.noor@strongkey.com.
