Every year, IT professionals have more and more security threats to tackle. 2020 is no different.
Starting this year, Californians have new rights over their personal information. They have new control over how it is gathered, stored, and sold.
Data privacy laws are in place to protect customers and their information, so that private data remains safe and secure.
After record-breaking numbers of security breaches, CA legislators have enacted new Data Privacy Laws. Here is how IT support for small business is impacted.
The Right To Know
Customers have the right to know. An individual can ask a company to produce a copy of all the information it has collected from them.
This request also covers which area of the business gathered the information over the years, whether it was sold, and to whom.
Companies are required to notify customers or clients of any personal information collected. They also need to inform customers if they are selling that information to anyone else.
The Right to Opt-Out
Users have a right to opt out of having their data sold to anyone else. However, this does not mean users opt out of their information being collected or used in the first place.
Soon, most websites will have a handy button that says, “do not sell my personal information.” Clicking on that button means a business cannot legally sell the data to a data broker or marketing firm. However, it can still use the data itself.
This option means customers will still see targeted ads when logged in, but they will see fewer from third-party companies.
The Right to Equal Service and Price
The right to equal service and price is an attempt to give companies a way to gather that information. It authorizes the business to offer financial incentives in exchange for personal information.
Customers have a right to know about these incentives and their relation to personal information.
The Right to Delete
Individuals have a right to ask for any company to delete all the information on them. Companies must delete all the information when a customer asks.
If the company sold information, they need to ask the other company to also delete the data. All companies must provide contact information for anyone to send any delete requests.
The Right to Non-Discrimination
Businesses are not allowed to discriminate against a customer. This discrimination includes denying them a product, charging a different price for goods, or offering a different quality.
Data broker companies are those that never interact with a customer. Instead, they take and sell information from other sources.
New California law states that these companies must register with the state by Jan. 31. There will be a list of these data brokers online. Customers will be able to access that list and make any requests from there.
Reasonable Security Features
Two new laws have been put into place to regulate internet devices. Essentially, they require manufacturers of connected devices to equip them with reasonable security features.
What is a reasonable security feature? It is one that is appropriate to the device’s purpose and the information it collects. It is designed to protect the device itself and any information on it.
This means that new devices could have preprogrammed password capabilities. They could also have a way to generate new authentication before the device grants the first access. There may be other reasonable security features we will see a little later in the year as well.
If your company has had to follow GDPR guidelines in the past, you should not have any trouble with the new laws. Those who have not had to may struggle.
Here are some important steps to take to ensure your business complies with the new laws.
- Update Your Policies and Privacy Notices
You will also need to include descriptions of the new customer rights (the right to know, delete, and opt-out). Their rights need to be readily available to them.
- Update Your Data Inventories and Strategies as Well as Your Business Process
You will need to maintain an inventory of all the data you collect. This inventory will track any processing activities, business processes, third party products, and applications.
It should identify which data is included in a sale and which is sent to a third party. Your inventory also needs to determine what personal information is exempt, including data collected over a year ago.
- Implement New Protocols
You will need to ensure all your protocols include the new consumer rights. (Refer to customer rights above).
- Update IT Support for Small Business
Remember the “reasonable security features” from earlier? It is time to make sure all your business devices have these in place. Tackle any devices with high-risk gaps first.
- Update Third-Party Processor Agreements
If your business works with third-party contracts, it is time to update those. The updated agreement needs to require third parties to have their own data inventories. It should also require tracking specific data elements shared or sold anywhere else.
Any employees who handle customer inquiries need to learn of the new laws in place. They should also learn about any penalties for not complying.
What happens if your business does not comply with the new requirements? You will find yourself owing some hefty fines.
If you fail to have reasonable security for customer information, that customer can take legal action. This fine can be $100-$750 per violation.
The Attorney General drives all other penalties regarding security. Depending on the violation, these penalties can be up to $7,500 per violation.
Importance of New Security
At a time when customers feel like the internet is watching them, we need to put new security measures in place.
The new laws in place give IT support for small business and keep them coming back to companies they trust. Be one of those companies. Learn these new laws and your customers’ rights, and put measures in place to comply with them.
Sagacent Technologies offers technology management and support, including proactive/preventative maintenance, onsite and offsite data back-ups, network and security audits, mobility solutions, disaster planning and emergency business resumption services. The company serves clients of 10 to 150 employees within the Silicon Valley region.