Over the past few years, there has been an enormous shift in cybersecurity. Some of the world’s largest corporations have suffered significant data breaches, highlighting how exposed computer systems are to attackers and malware. This has prompted new laws around the world intended to ensure that personal data is adequately protected, and it has underlined the need for suitable and reliable IT solutions.
The fact is, the larger the corporation, the more attractive a target it is. But that does not mean small companies are not targeted; they are, often precisely because their defences are weaker. If there is even a slight possibility of a breach, it is only a matter of time before an attacker finds a way through. Below are some laws which your business needs to know about.
GDPR (General Data Protection Regulation)
GDPR is an EU regulation (not merely a guideline) that governs how businesses handle the personal data of individuals in the EU, regardless of where the business itself is located. Public authorities, and organisations whose core activities involve large-scale monitoring of individuals or large-scale processing of sensitive categories of data, must appoint a DPO (data protection officer) responsible for overseeing compliance with their data protection obligations. All covered businesses must also implement appropriate technical and organisational measures to protect the personal data they process, and report qualifying personal data breaches to the supervisory authority within 72 hours of becoming aware of them.
Children’s Online Privacy Protection Act (COPPA)
The law was passed to protect the privacy of children under 13 years old. Any website or online service that is directed at children, or that knows it is collecting personal data from children, must obtain verifiable parental consent before collecting it. The site must also post a clear privacy policy stating what data it collects, what the data is used for, and whether it is disclosed to third parties. The law places legal responsibility for children’s privacy on the site operator, who must also give parents access to any data collected on their children and the ability to have it deleted.
California Consumer Privacy Act (CCPA)
This is the closest US counterpart to GDPR. It gives residents of California the right to know what personal data is being collected about them, to access and request deletion of that data, and to opt out of its sale. Rather than applying to every company that collects personal data, the law applies to for-profit businesses doing business in California that meet thresholds set out in the statute (based on annual revenue, the volume of consumers’ personal data handled, or the share of revenue derived from selling personal data).
The New York State Department of Financial Services Cybersecurity Regulations
This is a set of rules known as 23 NYCRR 500 that governs how financial institutions licensed or regulated by the NYDFS, such as banks, trust companies, and insurance companies, must implement and maintain effective measures to protect customer data and their own information systems. Covered entities must maintain a written cybersecurity policy, carry out periodic risk assessments, establish a written incident response plan, and notify the Department of qualifying cybersecurity events within 72 hours, among other requirements.
Fair Credit Reporting Act (FCRA)
This act regulates how consumer reporting agencies collect, share, and use consumer credit information, and restricts the purposes for which consumer reports may be obtained. It places additional requirements on investigative consumer reports covering a person’s character, general reputation, personal characteristics, and mode of living. The law also stipulates many other things, such as the secure disposal of consumer report information once it is no longer needed. Under the Red Flags Rule added by the FACT Act amendments, financial institutions and creditors are also required to establish written identity theft prevention programs that detect, prevent, and respond to indicators of identity theft.