Showing 17 posts in Data Security.
2021 may be the year that privacy legislation explodes across the US. Already, several states including New York, Virginia, and Washington have introduced some form of privacy legislation (many are re-introducing bills that did not pass in 2020).
Many businesses devoted substantial resources to privacy compliance in 2020, thanks to the California Consumer Privacy Act (CCPA). They will be rewarded for that effort: during the fall election, Californians approved a ballot initiative that will strengthen the CCPA, dedicate billions of state dollars to privacy enforcement, and create a new enforcement agency for personal privacy rights.
The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning regarding a new “voice phishing” scam arising from the massive shift to teleworking during the pandemic. Under the new scheme, threat actors posing as the company IT department call workers and request usernames and passwords for the company’s systems in order to log into a new VPN link. The “bad guys” then have access to the company’s existing VPN and log in as if they are legitimate employees.
The temperature is rising in the data breach arena. Clearview AI, which produces facial recognition technology widely used by law enforcement, suffered a massive data breach last month.
The California Attorney General, complying with the terms of the California Consumer Privacy Act (“CCPA”), has released a new draft version of implementing regulations for that Act.
Every crisis is an opportunity for bad guys, it seems. The FTC issued a warning yesterday that can be found here.
It is a good idea to remind employees that they may see an upsurge in scam activity due to current events and remind them about personal and professional vigilance.
If are considering remote working arrangements for all or part of your employee pool due to Covid-19, now is the time to make sure your remote systems are secure. Adding remote capabilities requires extending your network’s connectivity, potentially adding multiple new devices to your network, and considering workflow and security measures when workers are not under your roof. All of these measures add vulnerability to any system. In order to protect your own company data as well as private information of individuals, it is helpful to have a plan in place earlier rather than later.
The spread of corona virus is making headlines for economic, health, and political reasons. Business-focused news also makes note of the impact of corona on international corporate travel planning. One other aspect of corona is worth noting for companies with international operations, however: data privacy. Many companies abroad are asking employees to declare whether they have been tested for corona, and/or what the test results show.
With the EU’s new privacy rules (GDPR) that took effect earlier this year, the California Consumer Privacy Act that takes effect January 1st, 2020, and the clamor for a federal data privacy law in the United States, it is increasingly clear that privacy will not, in the future, be an optional part of business operations.
For any U.S. business that has spent 2018 gearing up to comply with the EU’s new privacy rules General Data Protection Regulation (GDPR), which took effect in May, your time and effort were well spent. One month after the GDPR took effect, California rushed through a new law, the California Consumer Privacy Act (CCPA) that clearly took inspiration from broad aspects of the GDPR.