Cybersecurity is about to become that much more secure in California. In less than one year, several new cybersecurity laws go into effect. These laws — three specific ones — will change the way businesses conduct their business in California. They also effectively change the way data is managed, stored, and protected. Though some critics say the laws do not go far enough, California is the first state to pass legislation on cybersecurity. Whether you outsource data management and security or have an internal IT team that does it for you, here’s a summary of what you should be aware of and prepare for come January 1, 2020.
What is the California Consumer Privacy Act of 2018?
The California Consumer Privacy Act of 2018 (CCPA) was passed on June 28, 2018, and set to take effect on January 1, 2020. It is a law that mirrors the General Data Protection Regulation (GDPR), which came into effect this year in the European Union, but has a global impact on businesses everywhere. The CCPA will affect the way an organization or company collects data from its clients regardless if those clients are located physically in California or elsewhere. The CCPA allows consumers to request how their personal information is collected and what it is used for, among other things, and the company must comply with consumers’ requests in order to be in compliance with the law. This means a company must understand more thoroughly how it collects and stores data.
Amendments to the CCPA were signed by California’s Governor, Jerry Brown, on September 23, 2018. These amendments do two specific things:
- Delays enforcement actions by the attorney general until six months after final regulations are published or by July 1, 2020; and
- Allows private rights of action for data breaches.
This law makes it necessary for every company doing business in California to know about its data collection methods and purposes and opens them up to lawsuits should there be any kind of data breach.
What is Senate Bill No. 327 and Assembly Bill No. 1906?
Both Senate Bill No. 327 and Assembly Bill No. 1906 were signed by Governor Jerry Brown on September 28, 2018. These bills operate in sync and refer to and regulate the Internet of Things (IoT) devices or any connected device. These Bills are the first of their kind in the United States and are set to take effect on January 1, 2020. The lapse of 15 months between their signing and their enactment is purposely designed so that the industry can prepare itself for the changes required by these new laws.
These Bills require, in part, any manufacturer of a connected device to equip that device with a
“reasonable security feature or features that are all of the following:
- Appropriate to the nature and function of the device.
- Appropriate to the information it may collect, contain, or transmit.
- Designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.”
What is a “connected device”?
A connected device is defined as a
“any device, or other physical object that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address.”
What is a “reasonable security feature”?
A “reasonable security feature” is defined by the law and refers to devices that can be accessed outside a local area network (LAN). The feature requires:
- Preprogrammed password capabilities unique to the device; or
- A means to generate new authentication credentials before the device first grants access to it.
This definition, however, is deemed too vague by some and is thus part of the opposition to the new law.
Where can you find a IT support provider who understands California’s new cybersecurity laws?
If you live in or around the San Francisco Bay area, then you know there are many Cisco IT or Linux support companies out there. These IT support and consulting companies, however, are not alike. Some claim to be the best in security and compliance consulting while others actually provide it.
At Veltec Networks, you get the Linux Support and IT services support you need. You also get answers and solutions. Our professionals are experts who remain informed, especially with laws that affect you directly and that affect your security and compliance. Contact us today to learn more and to understand how we are helping our clients prepare for these legal changes to take effect in California in less than one year. Though the law delayed its start date, you shouldn’t. Preparation is your key to secured data and full compliance with the law.