Answer These 9 Questions to Determine if Your Data Is Safe

Data protection regulations are only going to grow tighter. Make sure you're keeping the customer's best interests in mind.

Since the EU's General Data Protection Regulation went into effect, California and New York have successfully passed the California Consumer Privacy Act (CCPA) and Stop Hacks and Improve Electronic Data Security (SHIELD) regulations, respectively. Currently, 12 more states are getting approval on data protection legislation, and that number is expected to grow.


As more disparate legislation is introduced across the US, what organizations must do to avoid costly regulatory fines will only become more complicated. Answer these questions, and you'll sleep a little better at night. Those that have a plan of attack or are already executing on these guidelines should feel confident that their enterprise is keeping the customer's best interests in mind.


● Do you incorporate "privacy and security by design" in your environment? Privacy and security by design are methodologies based on proactively incorporating privacy and data protection from the very beginning. This approach follows seven principles for implementing growing processes within your IT and business environments. Advocating privacy and security early on in your design process for specific technologies, operations, architectures, and networks will ensure you are building a mature process throughout the design life cycle.


● Is sensitive data encrypted during transit and at rest? Encryption keys are vital to the protection of transactions and stored data. Key management should be deployed at a level commensurate with the critical function that those keys serve. I strongly recommend encryption keys be updated on a regular basis and stored separately from the data. ..
