How RedShield helps you manage vulnerabilities and comply with the California Consumer Privacy Act (CCPA), 2018
The California Consumer Privacy Act (CCPA) came into effect in January 2020, and as of 1 July 2020, enforcement has begun against businesses that violate the new privacy rights. The new rights for consumers in California include:
- to know what personal information is collected, used, shared, or sold, both in terms of the specific pieces of personal information and the categories they are collected under;
- to delete personal information held by businesses and by extension, a business’s service provider;
- to opt-out of the sale of personal information. Consumers can direct a business that sells personal information to stop selling that information; and
- to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA.
Failure to comply with the new regulations can open businesses up to “private rights of action” from California consumers, and civil penalties levied by the California Attorney General.
CCPA has parallels with the European Union’s General Data Protection Regulation (GDPR) introduced in 2018. So, if you already comply with this regulation, you’re off to a good start.
Good news for RedShield partners and their customers
To meet our obligations as a Service Provider under CCPA, RedShield has already updated regulatory tools and processes that ensure our compliance with GDPR as a Data Processor. These tools and processes also help our subscribers meet their obligations.
RedShield plays their part in helping you comply with the California Consumer Privacy Act (CCPA)
Whilst we will do everything to ensure we are compliant with CCPA regulations, we need our service subscribers to own their compliance with the regulation, especially in how they use the services we provide to process personal information.
CCPA and GDPR are only similar. Don’t assume that because you are compliant with GDPR you will also be compliant with CCPA.
If your business collects personal information about California consumers, then you may be subject to the CCPA. RedShield recommends you consult the statute, regulations, and legal counsel to determine what obligations, if any, you may have.
CCPA requires better security and that means proper vulnerability management & remediation
Robust vulnerability management is one of the most effective ways to prevent data breaches. Research shows over 60% of recent data breaches were the result of unpatched known vulnerabilities. The California Attorney General has also stated that “patching newly discovered security vulnerabilities is critical”.
However, traditional methods for patching known vulnerabilities aren’t easy. Having developers rewrite application code to patch vulnerabilities can take time, can be tricky, and sometimes does not work, particularly with old or legacy systems.
This is where shielding comes in to help you manage and remediate vulnerabilities quickly and effectively. ‘Shields’ are actually custom code objects, designed to fix vulnerabilities at the proxy layer, ensuring attacks are harmless before they reach your application. This means you can shield known vulnerabilities virtually, without having to touch a single line of application code. And this can be done for old, legacy and new applications, APIs – all sorts.
RedShield has developed thousands of custom ‘shields’ to remove the risk of known vulnerabilities. Using their unique fat proxy architecture, they can have known vulnerabilities shielded within hours, rapidly removing all vulnerability risks.
Shielding known vulnerabilities can help ensure your data remains safe and secure.
Like their security online, RedShield takes consumers’ rights seriously
Regardless of the regulatory framework in question, RedShield does not:
- sell, rent, or otherwise disclose personal information we collect in exchange for money or something else of value (this is not our business model);
- process personal information for any commercial purpose other than providing our shielding services; or
- retain, use, or disclose personal information outside of the scope of the agreement we have with our subscribers.
In fact, due to the reducing value of all data collected by our shielding service, we purge our logs on a rolling 90-day basis, ensuring we comply with our privacy obligations.
How RedShield handles enquiries under CCPA & GDPR
If we receive any request, complaint, or other communication from a verifiable consumer, regulatory authority, or third party in connection with our processing of subscribers’ content, we take prompt action. We inform the subscriber, to the extent legally permitted, and provide details.
Unless legally obligated to do so, we do not respond to any enquiry without a subscriber’s prior consent except to confirm that the request relates to them.
The processes we use to respond to such enquiries include requirements for verification of consumer identity. However, since RedShield has no business use for any personal information that might be recorded by our services, this data can be removed on request.
Act now to ensure your organization is compliant with CCPA
If your organization collects personal information on California consumers and is not currently CCPA-compliant – act now or risk hefty penalties.
Schedule a discovery call with a RedShield Solution Architect to discuss how shielding technology can help you achieve CCPA compliance, and perhaps more importantly – keep any personally identifiable information (PII) safe and secure.