California has led most states in enacting legislation to protect consumers from identity theft. California’s Data Breach Notification Law was the first of its kind to protect consumers. Yet, California has now gone a step further by introducing a new security law, AB 375. In this article, we take a look at both of these laws and what it can mean for you (even if your company is not in California).
What is the California Data Breach Notification Law (AB 375)?
The threat of data breaches in the United States continues to rise, along with the potential impact on the lives of the average consumer. The state of California has led most states in enacting legislation to protect consumers from identity theft, and in fact became the first state to introduce its California Data Breach Notification Law in 2002.
It is a model that many states have since followed and has been modified over the years with amendments as recent as January 2017.
Recently, California’s legislature passed new data privacy legislation to create the strongest privacy controls of any state in the U.S. This new law, the California Assembly Bill 375, the California Consumer Privacy Act of 2018, attempts to bring more transparency to the murky trade in personal data.
This new law is evidence that California takes consumer security and protection very seriously. The state essentially decided its existing laws weren’t strict enough, so it took the extra step of extending it to become even more stringent and far-reaching.
This new California data privacy law goes into effect in 2020 and gives consumers the right to request all of the data businesses are collecting on them, as well as controls to make sure businesses don’t sell their information.
The passing of the California data breach notification law is unprecedented when you consider that it requires compliance in the same way GDPR does. Specifically, companies must adopt stricter privacy policies for all customers and prospects—whether they reside in California or not.
This California breach notification law could also be the first “domino” to fall as other states look to pass similar legislation to roll out additional data privacy regulations. While 2020 seems far away, it’s closer than you think, and this new law will only make security compliance more challenging.
How CSPi can help with the California Data Breach Notification Law
At CSPi, we understand the challenges to complying with data privacy laws like the California Data Breach Notification Law and the California Consumer Privacy Act of 2018.
This is why our focus has been on securing critical data no matter where it resides, how it is used and how it is accessed – and providing tools that let you know when and which protected data records have been breached quickly as well as a complete audit trail and forensic records. This way when the inevitable breach does occur, there is no question about compliance.
Specifically, our solution meets the following data privacy compliance requirements:
- Protected data breach reporting within 72 hours to meet most notification requirements
- Verifying critical PII data was properly protected by encryption or other advanced security means, rendering it unusable if accessed
- Detailed reporting that can be used in any legal or auditing proceedings
Interested in learning more, and what makes CSPi solutions different? Download our white paper, “How to Secure DevOps Across Any Environment,” view any one of our on-demand webinars, or contact us today.