Dubbed “CCPA 2.0,” a proposed initiative called the California Privacy Rights Act (CPRA) is gaining traction – and will likely make an appearance on the November 2020 ballot in California.
The original legislation, the California Consumer Privacy Act (CCPA), only came into effect on January 1, 2020, but we are already seeing potential changes to this data privacy regulation looming on the horizon. If passed, these proposed changes like CPRA could mean businesses will need to further beef up their data security measures.
Think your business doesn’t need to worry about the California Consumer Privacy Act (CCPA) because you don’t sell any data for business purposes?
You may want to take a second look.
Under the broad definition of “sale” used in CCPA, you could very possibly be subject to CCPA requirements and unknowingly failing to achieve and maintain compliance. With the financial penalties associated with non-compliance, not to mention the data security risk that results from ignoring CCPA requirements, it’s absolutely vital to make sure that you know whether or not your business activities would be considered to be “selling data” under the CCPA.
In our last blog post about CCPA, we went into the details of California’s comprehensive privacy law, more formally known as the California Consumer Privacy Act. Coming into effect January 1, 2020, the new privacy law pertain to companies that collect data from California residents, regardless of the location of the company - both within the United States and globally.
The hard-to-face reality is that billions of personal records are exposed each year. A commonly used, yet incomplete solution, is tokenization. Tokenizing sensitive data does not eliminate the need to achieve and certify PCI DSS compliance.
In order to completely descope from PCI, a business can partner with a data custodian (VGS) that handles 100% of data capture and vaulting – removing any compliance risk and completely avoiding data leaks.
The General Data Protection Regulation (GDPR) is a set of laws regarding data security that affect companies based in the EU and those with customers in the EU. Brexit is the proposed withdrawal of the United Kingdom from the European Union.
You may be aware of one (or both) of these subjects, but what may not be completely known is how one will affect the other. Understandably, there are reasons for concern for those doing business in or with the EU — since, as you likely know, the UK is part of the European Union — so let’s take a further look at GDPR and Brexit to see what effect they may have on how you run your company.
Very Good Security, Inc. (VGS), a global leader in secure cloud services, data protection, and compliance, announced today that its data centers and cloud infrastructure have successfully completed its annual PCI DSS 3.2 compliance.