Category Archives: Regulatory Risk

Immediate Vault Immediate Access

3 Tips for CCPA Enforcement During COVID-19

Posted on by

As we move into the second half of 2020 and the California Consumer Privacy Act (CCPA) is officially enforced, we are also in the midst of a global crisis that was not properly on the radar when the regulation was enacted in January. Organizations are now being tasked with CCPA compliance in an unexpected remote work environment, with more personal data available online than ever before. And some organizations have the added privacy challenge of contact tracing practices or applications being used internally to monitor employee health.

Even in the remote work environment, relevant companies must ensure that they are informing customers and staff about what data they are collecting, options for which personal details are being gathered, the right to say no and opt out of data collection, the right to request deletion of their information, and equal pricing despite their privacy selections.

Many businesses are still struggling to implement these guidelines and are attempting to avoid significant penalties, all while meeting uptime demands. Below are some tips from security and technology industry experts for the best ways to implement CCPA compliance:

Rely on Data Privacy Regulation Experts 

There is increasing uncertainty around many businesses’ futures, and therefore, it is critical to turn to data privacy regulation experts for advice, guidance and technological support. 

“With exponential amounts of enterprise data only increasing, ensuring data privacy involves layered, complex challenges for any business. From a cloud hosting perspective, meeting evolving compliance and privacy regulations, such as the CCPA law which is just beginning to be enforced, is one of those layers. One of the most important steps organizations can take to guarantee they are on the right path towards compliance is to rely on hosting providers that have teams experienced with privacy law regulations,” said Lex Boost, CEO of Leaseweb USA.  

While it may be tempting to rely on internal teams during the economic downturn, employee burnout in already resource-strapped IT and security teams could cost the companies more in talent loss and potential breaches/fines. Thus, companies should evaluate external providers.

Boost also said, “These providers can guide the process needed to guarantee data is managed within current and upcoming privacy regulations, allowing organizations to focus on maximizing data usage and the experience for their customers.”

Have the Right Cybersecurity Measures in Place 

Proper cybersecurity measures are often major components for achieving compliance with a variety of regulations, but especially the CCPA, which is focused on protecting sensitive data and users’ privacy rights. With major hacks making recent headlines at companies like Twitter, and ransomware attacks that threaten to exfiltrate and leak private data on the rise, companies should be on high alert.

“Nobody is safe from an attack leaking personal information, and it’s absolutely essential that correct cyber measures are in place to secure privileged accounts, in particular, as thoroughly as possible. With more information online and spread out than ever before, hackers not only have the ability to scam people, but also undoubtedly have access to private messages, security information, and other personal data,” said Torsten George, cybersecurity evangelist at Centrify.  

On top of increasing breach risks, many companies’ distributed workforces are making security preparedness even more complex. But there are solutions, according to George: “To protect organizations during this transitional remote working phase and the implementation of CCPA, it’s imperative to provide your IT administration teams, outsourced IT, and third-party vendors with secure, granular access to critical infrastructure resources regardless of location and without the hassles of a virtual private network (VPN). Privileged access management solutions can both maintain compliance and enable secure remote access to on-premises and cloud-based infrastructures, securing all administrative access with risk-aware, multi-factor authentication (MFA), and maintaining the level of compliance CCPA requires.”

Look Toward the Future 

The CCPA currently protects Californian’s privacy rights, but many legal and security experts think this could inspire a similar regulation at the federal level if it is successful.

“The CCPA is the first law of its kind in the United States, and it could set a precedent for other states. And because it applies to most companies who do business with individuals residing in California, the sweeping new law promises to have a major impact on the privacy landscape not only in California, but the entire country. The passage of a cohesive U.S. federal privacy law, one that will preempt state laws, is gaining momentum. It has strong bipartisan congressional support, and several large companies from a variety of industry sectors have come out in favor of it, some even releasing their own proposals. There are draft bills in circulation,” said Wendy Foote, senior contracts manager at WhiteHat Security.

Foote also advised, “With a new class of representatives sworn into Congress in 2019 and the CCPA effectively putting a deadline on the debate and officially being enforced in July, there may finally be a national resolution to the U.S. consumer data privacy problem. However, the likelihood of it passing in the very near future is slim. A single privacy framework must include flexibility and scalability to accommodate differences in size, complexity, and data needs of companies that will be subject to the law.”

It will take several months of negotiation for lawmakers to agree upon how the federal law would be implemented. While companies wait for the passage of a national privacy law and for it to take effect, they must continue to monitor developments in both state and federal privacy law and adapt as necessary.

Consumer privacy will continue to evolve, particularly in the time of COVID-19. Because of this, newer laws and regulations, like the European Union’s GDPR and the CCPA, must be flexible and evolve over time too.

Americans Mistrust Companies with Personal Data, Study Shows

Posted on by

According to a new survey by the Pew Research Center, most Americans believe that companies are tracking their activities on and offline, and that this activity is unavoidable. Not only that, but many also believe that they have little control over who can access an array of personal details, such as their location and online activity, including purchases they have made online or in person. This mistrust, coupled with the advent of more stringent data privacy regulations, means a more complex risk landscape for businesses operating online.

While companies often market services that collect data as improving the customer experience, those users likely disagree.

buy tenormin online www.northwestmed.net/wp-content/uploads/2023/10/jpg/tenormin.html no prescription pharmacy

In fact, 81% of the American public believe that the risks of companies collecting their data outweigh the benefits. This may have to do with a lack of understanding of what companies do with their data—59% say “they have very little/no understanding about what companies do with the data collected.”

It may also be a perceived lack of control over how companies are collecting and using that data, with 81% saying that “they have very little/no control” over companies collecting their data, and 79% “very/somewhat concerned about how companies use the data collected.” With more online activity, 72% of respondents said that “all, almost all or most of what they do online or while using their cellphone is being tracked by advertisers, technology firms or other companies,” and 64% report seeing ads based on their personal data.

Many companies outline how they use customer data in terms of service or other privacy disclaimers—according to the survey, 81% of respondents say they are asked to agree to a privacy policy at least once a month, and 25% almost daily. However, 74% report that they sometimes or never read a company’s privacy policy before agreeing, and only 22% read the entire text if they do read it.

Pew Data Trust

Security is also a worry, with 70% reporting that they feel like their data is less secure than it was five years ago and only 6% saying it is more secure today than in the past.

buy tretiva online www.northwestmed.net/wp-content/uploads/2023/10/jpg/tretiva.html no prescription pharmacy

Considering the vast array of data breaches, seemingly across all industries, this is likely not surprising.

buy albenza online www.northwestmed.net/wp-content/uploads/2023/10/jpg/albenza.html no prescription pharmacy

Millions of Americans have received notices from their banks, hospitals, or even their hardware store or ride-share app that their personal data has been compromised. According to cybersecurity company Norton, the first half of 2019 saw 3,800 breaches exposing 4.1 billion records, a 54% increase from the first half of 2018.

Given these results, it is no wonder that states, countries, and regions are beginning to enact strict regulations about data privacy. The California Consumer Privacy Act (CCPA), which provides protections for the data of California residents, also exposes businesses that collect, store, use and disclose those residents’ data to serious liabilities. In response to some companies hiding breaches from the public, states are also weighing stronger breach reporting requirements with larger fines for violations. Whether these efforts will diminish user mistrust is unclear—63% said that “they understand very little or nothing at all about the laws and regulations that are currently in place to protect their data privacy.”

Trade Dispute Worries US Companies in China

Posted on by

As the Trump administration wages an economic battle with China in the form of reciprocating tariffs and other economic measures, it may not be a great time to be an American company operating in China. The US-China Business Council (USCBC), an organization made up of 200 U.

buy arimidex online www.phamatech.com/wp-content/uploads/2023/10/jpg/arimidex.html no prescription pharmacy

S. companies that do business with China, released its annual member survey, finding the trade dispute—and the ongoing political tensions underlying it—are a huge concern for these companies and may be adding to worries about doing business in China.

Since the Trump administration declared a tariff on billions of dollars of Chinese exports in June 2018, the United States and China have traded retaliatory economic measures.

buy xenical online www.phamatech.com/wp-content/uploads/2023/10/jpg/xenical.html no prescription pharmacy

Negotiators from the countries are preparing to meet in October, hoping to break a deadlock, even as each side moves to put pressure on the other’s economy.

Last month, President Trump announced increased tariff rates on Chinese imports, and tweeted that American companies were “hereby ordered to immediately start looking for an alternative to China, including bringing your companies HOME and making your products in the USA.” Some U.S. business groups condemned the moves and the president’s rhetoric, including the National Retail Federation. “It’s impossible for businesses to plan for the future in this type of environment,” said David French, the federation’s senior vice president of government affairs. These moves are an outgrowth of continued tensions, both economic and political, between the two countries.

It is no wonder then, that between 2018 and 2019, the percentage of USCBC members who said that their company’s business had been affected by US-China “trade tensions” increased from 73% to 81%. Of the reasons companies reduced or stopped planning investment in China in the past year, 60% of respondents cited “increased costs of uncertainties from US-China tensions.”

Among the real-world results of the trade dispute, USCBC members reported that the biggest impact was “lost sales due to tariffs implemented by China” (49%) and “shifts in suppliers or sourcing due to uncertainty of continued supply” (43%). The majority of the other concerns have to do with uncertainty or stigma attached to U.S. companies in China. Additionally, 26% of respondents projected that their current year revenue from China would decrease, compared to 9% in 2018.

The USCBC reported that “respondent optimism about China market prospects five years from now is at a historic low,” with the country’s stringent regulatory environment posing the largest driver of long-term doubt for U.S. companies. Indeed, the survey showed that, for 2019, 14% had a pessimistic or somewhat pessimistic five-year outlook, while 21% were neutral, an increase of 5% for both since 2018. However, the trade disputes are a major driver of short-term pessimism.

Also, when asked about cyber-related issues with doing business in China, 64% of respondents reported that “U.S.-China political tensions” were their biggest worry. And with good cause: According to cybersecurity firm Crowdstrike’s 2019 Global Threat Report, in the past year, the firm “observed an increasing operational tempo from China-based adversaries, which is only likely to accelerate as Sino-U.S. relations continue to worsen.”

And the impact reaches far broader than just companies that do business in China, like the members of the USCBC. As reported in the Risk Management article “The Business Impact of Trump Tariffs,” because many companies have complex, interconnected international supply chains, the trade dispute has a much broader effect on a wider array of businesses and industries. For example, a tariff on Chinese solar panels does not just hurt Chinese solar panel companies, it hurts U.S. manufacturers that supply parts for those panels, and U.S. companies that rely on components from Chinese manufacturers are affected as well.

Aon’s Top Cyber Threats for 2019 Revealed

Posted on by

Companies’ cyber risk profiles should be updated in tandem with each new digital technology that it embraces, according to Aon in its 2019 Cyber Security Risk Report. The scale of attacks and their impact on organizations is intensifying, and as recently reported, are becoming less predictable. Ransomware attacks may have peaked in 2018, as industry experts have noted, which sent malicious actors reverting to good old fashioned digital extortion, albeit with a slight twist.

Adopting a proactive outlook is the best way for companies to respond to the complex and changing set of cyberrisks, said Jason J. Hogg, CEO of Aon Cyber Solutions.

“To better prepare against attack, organizations should continually assess their overall cyber risk profile, remediate where recommended and proactively manage their defense,” Hogg said.

The report discusses eight prominent areas where organizations are expected to face cybersecurity threats this year.

  1. Technology
  2. Supply Chain

  3. IoT
  4. Business Operations
  5. Employees


  6. Mergers & Acquisitions
  7. Regulatory
  8. Board of Directors