How organizations treat data privacy has never been under more scrutiny, and there have been various legislative changes to protect data consumers including, initially, the General Data Protection Regulation (GDPR) and, more recently, the California Consumer Privacy Act (CCPA).
The CCPA became law on Jan 1st 2020, becoming the first, but unlikely to be the last, data privacy law to be enacted in the United States. It is a state rather than federal law, but it requires any company that manages the data of California citizens to comply with the CCPA terms and definitions.
For a more detailed overview of the CCPA terms and definitions please refer to our prior CCPA blog post.
CCPA compliance is often thought of as California’s version of the GDPR regulation, but it is important to understand the main differences between the two sets of legislation:
1. The GDPR requires consumers’ consent prior to the collection and usage of their data. The CCPA instead requires that businesses provide an option for consumers to opt out of collection and usage of their data.
2. The GDPR defines personal data as any and all types of information relating to an identified or identifiable individual. The CCPA defines personal data as any and all personal information that appertains to an individual’s characteristics, including physical / genetic characteristics and biometric data.
So, given the current state of play, in which most businesses have many, if not all, employees working remotely, what can be done to ensure that a company is in compliance with the CCPA and/or the GDPR?
1. Don’t think of compliance as something that is nice to have; consider data compliance and data governance as a core requirement of your business and business processes.
2. Secure Access to data – Have a strong Identity Access Management authentication framework for employee data access, and additionally consider other protective measures such as two-factor authentication (2FA) and/or biometric protections for devices that have data access.
3. Ensure the necessary framework is in place for Subject Access Requests – What data is stored on an individual? Who had access to the personal data that is stored? When? Why? How? This should work whether an employee is remote or in the office.
4. Unify Data Compliance Processes – Having a myriad of siloed data sets, which could be on-cloud and on-premises, is a data governance nightmare. Unify siloed data sets and implement a common policy and governance framework.
5. Ensure the compliance framework is transparent – Make sure that the compliance framework is not onerous or difficult, or employees will attempt to sidestep it. It should be transparent from an end-user perspective.
Introducing the Enterprise File Fabric:
The Enterprise File Fabric is a secure multi-cloud Data Management solution that works with a company’s existing data sets whether on-premises or on-cloud.
A company’s existing data, encompassing file, block and object, is ‘smart indexed’ and made more productive, safe and secure.
This enables ‘single pane of glass’ access and management, unified legislative compliance, cybersecurity / ransomware protections, and greater end user data productivity.
No new data sources or streams are introduced. The File Fabric is totally non-proprietary with no lock-in and bi-modal access to the storage.