[LEGAL ALERT] What You May Have Overlooked in the Run Up to CCPA Compliance



iStock-885967950LAW.COM had a very good reminder that you really need to keep in mind. Here is an extract: "With just days to go before the California Consumer Privacy Act (CCPA) compliance date, some companies may be scrambling to get their data collection and management processes in order. 

"Others, however, might be taking a wait-and-see approach before fulling investing into large-scale changes. Whatever an organization’s plan, there are certain things all covered entities should know about the far-reaching privacy law before January 2020.

“Reasonable” Security is Required

"The CCPA isn’t all about privacy. In fact, the regulation also mandates that covered entities maintain reasonable security procedures, something that does not get as much attention as the data handling requirements. “It certainly hasn’t been focused on and it ought it to be,” Mark Schreiber, partner at McDermott Will & Emery said.

"To  be sure, exactly what constitutes 'reasonable' security isn’t clarified in the CCPA. Still, Schreiber said that there are hints in what the state expects given its past positions. “The California attorney general years ago in other pronouncements identified the 20 CIS [security] controls —which is this fairly intense and robust set of security standards—as being what California would look to. So that’s been out there for some years and those are fairly granular in terms of the different components that need to be in place. Here is the full article.

You have to implement a Security Awareness and Training Program

Number 17 on the CIS list, in the section Organizational CIS Controls requires your organization to roll out a Security Awareness Training Program.  If you get hacked because a user falls for a social engineering attack and your suffer a data breach that has California-related records in there—and who hasn't— you are in violation and can get fined. 


Request A Demo: Compliance Plus

Old-school compliance training is challenging for organizations to offer, difficult to do right, and is generally very expensive to deliver. In this live one-on-one demo we will show you how easy it is to deliver your compliance training program using Compliance Plus with KnowBe4's training platform.

CMP-Collage-LCompliance Plus gives you:

  • A whole new library with fresh compliance content updated regularly
  • Coverage of legislative requirements, such as HIPAA and many others
  • New-school high-quality customizable modules
  • Short, interactive modules to keep learners focused, newsletters, docs, and posters are all included
  • Completely automated compliance training campaigns with world-class support and extensive reporting

See for yourself how Compliance Plus can help you keep your users on their toes with compliance, risk and workplace safety top of mind!

Request A Demo

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/compliance-plus-demo



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews