3 Tips for CCPA Enforcement During COVID-19

As we move into the second half of 2020 and the California Consumer Privacy Act (CCPA) is officially enforced, we are also in the midst of a global crisis that was not properly on the radar when the regulation was enacted in January. Organizations are now being tasked with CCPA compliance in an unexpected remote work environment, with more personal data available online than ever before. And some organizations have the added privacy challenge of contact tracing practices or applications being used internally to monitor employee health.

Even in the remote work environment, relevant companies must ensure that they are informing customers and staff about what data they are collecting, options for which personal details are being gathered, the right to say no and opt out of data collection, the right to request deletion of their information, and equal pricing despite their privacy selections.

Many businesses are still struggling to implement these guidelines and are attempting to avoid significant penalties, all while meeting uptime demands. Below are some tips from security and technology industry experts for the best ways to implement CCPA compliance:

Rely on Data Privacy Regulation Experts 

There is increasing uncertainty around many businesses’ futures, and therefore, it is critical to turn to data privacy regulation experts for advice, guidance and technological support. 

“With exponential amounts of enterprise data only increasing, ensuring data privacy involves layered, complex challenges for any business. From a cloud hosting perspective, meeting evolving compliance and privacy regulations, such as the CCPA law which is just beginning to be enforced, is one of those layers. One of the most important steps organizations can take to guarantee they are on the right path towards compliance is to rely on hosting providers that have teams experienced with privacy law regulations,” said Lex Boost, CEO of Leaseweb USA.  

While it may be tempting to rely on internal teams during the economic downturn, employee burnout in already resource-strapped IT and security teams could cost the companies more in talent loss and potential breaches/fines. Thus, companies should evaluate external providers.

Boost also said, “These providers can guide the process needed to guarantee data is managed within current and upcoming privacy regulations, allowing organizations to focus on maximizing data usage and the experience for their customers.”

Have the Right Cybersecurity Measures in Place 

Proper cybersecurity measures are often major components for achieving compliance with a variety of regulations, but especially the CCPA, which is focused on protecting sensitive data and users’ privacy rights. With major hacks making recent headlines at companies like Twitter, and ransomware attacks that threaten to exfiltrate and leak private data on the rise, companies should be on high alert.

“Nobody is safe from an attack leaking personal information, and it’s absolutely essential that correct cyber measures are in place to secure privileged accounts, in particular, as thoroughly as possible. With more information online and spread out than ever before, hackers not only have the ability to scam people, but also undoubtedly have access to private messages, security information, and other personal data,” said Torsten George, cybersecurity evangelist at Centrify.  

On top of increasing breach risks, many companies’ distributed workforces are making security preparedness even more complex. But there are solutions, according to George: “To protect organizations during this transitional remote working phase and the implementation of CCPA, it’s imperative to provide your IT administration teams, outsourced IT, and third-party vendors with secure, granular access to critical infrastructure resources regardless of location and without the hassles of a virtual private network (VPN). Privileged access management solutions can both maintain compliance and enable secure remote access to on-premises and cloud-based infrastructures, securing all administrative access with risk-aware, multi-factor authentication (MFA), and maintaining the level of compliance CCPA requires.”

Look Toward the Future 

The CCPA currently protects Californians’ privacy rights, but many legal and security experts think this could inspire a similar regulation at the federal level if it is successful.

“The CCPA is the first law of its kind in the United States, and it could set a precedent for other states. And because it applies to most companies who do business with individuals residing in California, the sweeping new law promises to have a major impact on the privacy landscape not only in California, but the entire country. The passage of a cohesive U.S. federal privacy law, one that will preempt state laws, is gaining momentum. It has strong bipartisan congressional support, and several large companies from a variety of industry sectors have come out in favor of it, some even releasing their own proposals. There are draft bills in circulation,” said Wendy Foote, senior contracts manager at WhiteHat Security.

Foote also advised, “With a new class of representatives sworn into Congress in 2019 and the CCPA effectively putting a deadline on the debate and officially being enforced in July, there may finally be a national resolution to the U.S. consumer data privacy problem. However, the likelihood of it passing in the very near future is slim. A single privacy framework must include flexibility and scalability to accommodate differences in size, complexity, and data needs of companies that will be subject to the law.”

It will take several months of negotiation for lawmakers to agree upon how the federal law would be implemented. While companies wait for the passage of a national privacy law and for it to take effect, they must continue to monitor developments in both state and federal privacy law and adapt as necessary.

Consumer privacy will continue to evolve, particularly in the time of COVID-19. Because of this, newer laws and regulations, like the European Union’s GDPR and the CCPA, must be flexible and evolve over time too.

Twist and Shout: Avoiding Workplace Injuries with Risktech

This week’s inaugural RIMS Risktech Forum highlighted many of the ways technology is changing how risk professionals approach their work, and the advantages of embracing new innovations. During the “What Can Risktech Do for Me?” panel, Mike Poulos of Marsh LLC, Jen Thorson of data analytics firm Modjoul, and Susan Shemanski, vice president of risk management for Adecco Employment Services, discussed one of the practical applications of risktech—wearable workplace technology—to prevent injuries and unsafe behavior, protect workers, and mitigate liability for employers. In the course of normal business for many companies, employees in physically demanding jobs can twist, reach and otherwise strain their bodies in different ways that can lead to both immediate and long-term injuries.

New technology offers a way to mitigate these risks.

After an overview of the general field of wearable risktech devices and their benefits, the panel discussed a real case of how a company implemented a program using belts that would track and collect data on employees’ movements, including twisting and reaching. The result, they said, was discovering multiple literal pain points for their employees and their company, and it may change how risk managers can root out and address risks like healthcare and insurance costs, employee health, morale and attrition, and even equipment costs.

For example, the panelists noted, one employee experienced pain when reaching bins on a bottom shelf as part of her work and even repurposed one of the bins as a stool for more comfort.

Another, whose job consisted of labeling packages, had to stretch to reach the label printer, aggravating their back in the process.

The belts provided data showing these strains, and the company adjusted the employees’ work spaces to alleviate them. After gathering and analyzing the data from the belts, the company hired an ergonomist and conducted employee training to reduce unsafe conduct, even using the data to produce a new training video for incoming employees.

The panelists stressed communication as an essential part of the adoption process, and noted the importance of addressing employee concerns—including whether the belts would collect blood alcohol level or heart rate (no to both)—before implementing the program.

To preempt privacy concerns and protect employees’ personal information, the company also anonymized the data the belts produced.

The benefits for companies from using this type of risktech are tangible and significant. Making work less dangerous for employees in physical jobs and reducing accidents and injuries can mean happier and healthier workers. This, in turn, can also positively affect productivity and attrition. Additionally, preventing workplace injuries can reduce healthcare costs, and companies can even sometimes use the data from wearable risktech devices to secure lower rates from their insurers.

As the panelists noted, in a tight hiring market, businesses may have to hire less experienced workers for physically demanding jobs, and monitoring physical movements can also help identify which employees may be doing dangerous things and need additional training. For example, ensuring that a relatively inexperienced forklift operator is not performing unsafe physical movements can prevent potentially catastrophic accidents that hurt the employee, the equipment, the company’s bottom line, and even its reputation.

Similarly, other panels at the forum showed how risk managers can use technology to address the risks their companies face, including utilizing artificial intelligence and machine learning, blockchain technology, and other innovative ways to harness data. For more information on how insurers and risk managers are using blockchain to change how they approach risk, check out the recent Risk Management articles “Can Blockchain Improve Insurance?” and “Strengthening the Links: How Blockchain Can Help Manage Supply Chain Risk.”

State of Privacy in 2018: Q&A With Richard Purcell

Jan. 28 marks the annual Data Privacy Day (DPD), which was adopted in North America to bring together businesses and private citizens in an effort to share strategies for protecting consumers’ private information. Richard Purcell, DPD advisory board member and CEO of the Corporate Privacy Group, spoke to Risk Management Monitor about the current state of privacy.

Risk Management Monitor: How do you view privacy?
Richard Purcell: The concept of privacy is really complex and layered. I like to think of it as being grounded by two basic behaviors—respect and discretion.

The idea of privacy is not the same as secrecy. Secrets are not shared and are kept hidden as unknown ideas or thoughts, whereas privacy is the act of sharing information, trusting that the recipient will not share it any further.

RMM: How has technology redefined privacy?

RP: Over the last several years, we’ve heard from individuals who believe that their privacy has been assailed. Upon examination, we might find some reasons that are relevant to our emerging technology use:

There are many instances in which people have lacked respect for their own information, sharing personal information with others and commercial interests without restraint. A simple review of Twitter, Facebook, Instagram, Flickr, Tumblr and other social media sites confirms this. Just as often, commercial players have shown a lack of respect for the personal information entrusted to them by individuals. Examples include banks that have used customer information to open accounts without providing notice or asking for consent. This is a distinct showing of disrespect for the information.

Information has become the basis for commercial activity, so using and sharing personal information is quickly becoming how companies make money—Facebook is a social media site, but makes more than 90% of its revenues by selling users’ data to advertisers—credit bureaus make their money solely by collecting financial info, not from people, but from other companies, in order to calculate risk and sell reports (for example, credit reporting has a long history regarding privacy through FICRA, FACTA, and OECD FIPs).

RMM: In 2000 you were named Microsoft’s first corporate privacy officer. How has the privacy landscape changed since then?
RP: Privacy and data protection are beginning to be better and more closely integrated into security practices. It’s taken a long time to get them better integrated.

Security practices have strong levels of discipline without much of a human factor. Privacy practices have strong moral bases, which security is getting more in tune with, so they are sharing their traits in ways that are helpful.

We are not there yet, though, because security is a binary condition. You either have the security practices or you don’t. Privacy is harder to define because practices are more behaviorally based. We still find privacy issues are driven by human failings, errors or miscalculations as opposed to technologies.

Privacy professionals have gained more of a voice and authority over time in their organizations. They are not just advisers anymore, saying ‘Watch out for this,’ or ‘We can’t do that.’ They have become people with decision-making authority, which is only increasing. The position analyzes conditions and bases those recommendations on risk profiles and the challenges they present. Companies are then free to choose whether they take the risk or mitigate it.

RMM: What developments will impact your work in 2018?
RP: Regulatory changes matter a lot and apply to industrial sectors in the United States. External regulations are much more broadly applicable.

EU GDPR. Any company doing business in the EU has to adjust its governance program to comply with the GDPR by late May 2018. That means taking a broader definition of personal data; documenting its data processing activities; strengthening its user consent provisions; developing support for data erasure, portability and rectification; enhancing oversight and data breach responsiveness; and generally paying more attention to data protection.

EU ePrivacy. Broadband providers in the U.S. may celebrate the FCC dropping of the net neutrality/privacy rules, but they still have to deal with the EU ePrivacy Directive.

Australia, Korea, Japan and even China are strengthening their data protection programs. China announced its displeasure with the practices of Ant Financial (an Alibaba affiliate), Baidu (search organization) and Jinri Toutiao (newsfeed organization) for lacking adequate policies and practices in collecting, using and sharing personal information. You know something important is happening when China begins enforcing stronger privacy regulations.