Last year was a big year in the world of information security with data privacy issues, new regulations and several high-profile data breaches. Now that 2019 has arrived, what should corporations be doing to comply with the various data security and privacy regulations?
Here are the top 5 resolutions that companies should make in 2019 to make it easier to comply:
- Adhere to security attributes: Learn and enforce the information security attributes: Confidentiality, Integrity and Availability. Create a cross-functional governance team, chaired by the Chief Information Security Officer and regularly monitor threats and enforce information security practices.
- Comply with privacy laws and regulations:
- If you are a business dealing with the European countries make sure you comply with the Global Data Privacy Regulation Act (GDPR) that became law in May 2018. Failing to comply can result in steep fines in the event of a data breach.
- The California Consumer Privacy Act (CCPA) is now in the “public consultation” period, the new law will take effect on January 1, 2020. If you are based in or have any business with California, you better plan for this new regulation and comply!
- Think globally: If you are operating your business globally, make sure you conform to the trade compliance and export control laws. Also, consider creating a trade and export compliance officer role for your corporation.
- Be proactive: Comply with industry and state-specific data and customer privacy regulations (e.g. PCI data security standard for financial data, HIPPA).
- Mind the cloud: If your data is hosted in the public or private cloud, remember that data security is a shared responsibility! While your service provider will provide security at the various levels of the infrastructure they are responsible for, you should audit and ensure that the service provider controls meet your requirements AND you must implement your own data protection, authentication and authorization policies to keep your information secure at all times.
Modern businesses must be ready to meet data security regulations wherever they do business. Please click here to see if your organization is Fit for Compliance. You can also leave a comment below or follow Thales on Twitter, LinkedIn and Facebook.