Monthly Archives: February 2020

What do you need to know about CCPA?

California has always been known as a progressive state for
protecting consumer rights and individual privacy. While this has
been a benefit for its residents, it has also opened an opportunity
for litigators to challenge companies for not complying with these
oversight regulations. Given the scale of fines companies can face
(as severe as GDPR), companies will have to ramp up to comply and
protect themselves. This latest set of privacy compliance regulations
is extensive, and the penalties can accumulate over time with
accumulated incidents.

Direct Impact to Companies

The CCPA’s guidelines apply to all personal data collected from
California’s residents: consumer data by January 2020, as well as
employee and B2B data by January 2021. Residents will have the right
to access all data collected over a 12-month period, differentiated
as sold or transferred. They will have the right to opt out of
company programs in which personal data is being sold to third
parties. And perhaps the most stringent of those is the right to have
their personal data wiped in some cases. Companies and supply chains
will be greatly impacted by these changes. They must quickly
implement a way to comply, bear the costs of accommodating these
directives, and do so in a rather challenging timeframe. Companies
will have to closely examine their defensive perimeters and leverage
their existing features to avoid additional costs and penalties.

Supply Chain and Third Party/Vendor Management Systems

Businesses have evolved into complex ecosystems of interdependent
relationships for leveraging efficiency and maximizing opportunities.
Manufacturers, retailers, service providers and others are building
networks that make them nimbler and more responsive to their markets.
Along with these benefits come some challenges and risks: continuity
of supply, sharing information and sustaining global presence. In the
cyber world we don’t have to go very far to see how these
interdependencies can cause major threats and losses. In the US,
Target stores had thousands of consumer financial records
compromised, impacting the business and the reputation of the
company, when one of its suppliers was lax in protecting consumer
data.

That event was the seed for the category of Supply Chain Management
software, third-party risk management programs and Vendor Management
Systems addressing cybersecurity concerns. Implementation of these
systems has ensured that companies can now monitor and protect the
information, supply and financial relationships that members of an
ecosystem rely on to maintain cyber-secure and financially secure
relationships for servicing customers. Leveraging these systems is a
smart and required way to comply with CCPA.

CCPA is only the beginning

Until this point in time, the US was lagging behind the EU in terms
of privacy regulations. CCPA is on par with the EU’s globally
enforced GDPR, and some speculate that other states will follow in
California’s footsteps and adopt similar, if not more stringent,
legislation. We’ve seen a similar trend with breach notification
laws, which now exist in all 50 states, D.C. and Puerto Rico.

This means that businesses that are exempt from complying
with the CCPA (because of their location’s jurisdiction or target audience’s
residency) should examine and consider adopting it, because in all likelihood,
it will impact them very soon.

The FINDINGS solution for CCPA

Findings is a scalable AI-powered VRM platform that streamlines
security compliance across sectors, jurisdictions and regulatory
frameworks for ecosystems. Findings enables companies to showcase
their security and assess vendors. This platform is ideal for
monitoring, structuring and controlling supply chain relationships.
Most organizations already have or are evaluating these systems,
considering they are a necessity in the suite of defensive controls
needed in today’s business climate. The wise strategy for complying
with CCPA is to leverage the TPRM/Vendor Management system rather
than making new investments in defensive/compliance capabilities:
managing security and risks, and complying with regulation.