Protecting personal information of clients should be tops on your radar, and it’s growing increasingly complex. The recent enacting of the California Consumer Privacy Act (CCPA) may not directly affect your small business, but you need to know about it. It is definitely a sign of things to come regarding data protection.
What is the CCPA?
The CCPA is a regulation aimed at protecting the personal information of California residents, giving those residents more control over their data. You might think it has nothing to do with your small business. After all, you don’t operate in California, right?
The CCPA has jurisdiction not only over businesses operating in California, but also over all businesses that process the personal information of California residents. In order for the CCPA regulation to apply, the business must have annual gross revenue of more than $25 million.
So, you’re thinking, the CCPA doesn’t apply to my small business. I don’t operate in California or have customers in California. Even if I did, my business revenue isn’t anywhere close to $25 million.
But you do need to pay attention to CCPA, because it’s a sign of things to come. It was the first regulation of its kind in the United States, and other states have either enacted their own regulations or have legislation in the works. You need to be sure that you have data protection software in place.
A Data Privacy Regulation Example from New York
In March 2020 New York launched the SHIELD (Stop Hacks and Improve Electronic Data Security), which requires businesses to have safeguards in place to protect an individual’s private information.
As with the CCPA, the SHIELD Act works both ways. It doesn’t only apply to a business operating in New York. Any business that maintains the private information of New York residents is included.
The private information includes information such as credit or debit card number, bank account number, user’ names and email addresses, for example. The SHIELD Act requires businesses who have private information about New York residents to “develop, implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of private information.”
Penalties for noncompliance, and breaches, can be high. For example, in the CCPA legislation, businesses which don’t comply with the CCPA can be fined from $2,500 to $7,500. California residents who are victims of a breach can sue the company.
The SHIELD Act is enforced by the state’s Attorney General. The maximum penalty is $250,000.
How Can Your Business Be Compliant with Data Protection Legislation?
Your first step is to take stock of how much personal information from customers you store on your computer or computers. Analyze how the data is stored and how it is protected.
Next, research data protection regulations in your home state. Is your small business in line with the requirements? Do you have the right software to keep your business in compliance with data protection regulations? Where are areas that need improvement?
Remember that if a breach happens, you’ll have to be able to prove that you were compliant with regulations. You may be asked to generate reports about your compliance efforts to prove that you weren’t liable.
Ideas for Outsourcing Data Protection
A number of companies specialize in information technology, network security and SaaS (software as a service). Those companies are already familiar with standard ways to secure data. They know how to maintain and provide the documentation that backs up those security efforts.
Let’s take a look at one of them.
Electric AI Works with Small Businesses
According to Alex Foley, CISO at Electric AI (Artificial Intelligence), the company works with businesses to develop and standardize the documentation processes involved with compliance reporting. The company focus is on startups and small businesses, helping them ensure they are compliant with all present and future legislation.
“Our typical customer has from 25 to 300 employees,” Foley said. “Customer industries include, but are not limited to, financial services, tech, consumer, advertising/marketing, HR, and health / wellness.”
Electric AI works with a range of businesses. They include those with no IT solution in place. But they also include those with an internal IT or an outsourced IT provider.
Common Data Protection Deficiencies in Small Businesses
“Many companies have unsupported and unpatched firewalls,” Foley said. “This lack of support and critical security patching could lead to a compromise of the firewall and the network behind it.”
Many companies possess ports and services open to the Internet. As a result, this leads to a compromise of the firewalls themselves or devices and services behind them. The Electric AI team offers an operational and security review of all new customers. For example, the review ensures devices get support from the manufacturer, have current patching and have a minimum of ports open to the Internet.
More than half of all customer workstations onboarded by Electric AI lack basic security controls. For example, basic security controls include automated security patching, full disk encryption, automated screen lock and firewall enabled.
What Does Electric IA Do?
Electric AI seeks to alleviate problems. As a result, the company performs a comprehensive network review and remediation as part of onboarding. For example, with workstations Electric AI works to implement a default set of policies. As a result, they improve the security posture of customer workstations.
Does Your Small Business Need Better Data Protection?
“We cannot officially tell stories, but we have seen more than a few situations where we have onboarded customers which had critical security vulnerabilities in their equipment,” Foley said. “Our reviews and remediation efforts dramatically improve these customers security posture in short order.”
With Electric AI, customers see information about their security. They also see their operational posture though the Electric Turbine Dashboard. For more information, email is email@example.com and phone is 646-779-1607.
Get the latest headlines from Small Business Trends. Follow us on Google News.
I guess it must be done. Most businesses misuse customer information simply because they said yes to an agreement. It is important to impose some limit on this.