All Articles
“The California CPRA Privacy Law is Coming for You this January”
Does your company do any business with California residents or businesses? Do you have even one employee in California? Do you generate $25 million or more in gross revenue? Are you a service provider or contractor for a California based company that is subject to the GDPR?
If so, you should know by now that in a mere 2 ½ months the “California Privacy Rights Act” (CPRA) enforcement will begin, and with it some much-expanded privacy rights of California residents, and some much-expanded privacy obligations for businesses.
Background:
The CPRA is the most robust consumer privacy law in the United States. In November 2020, California voters approved the California Privacy Rights Act of 2020, otherwise known as the CPRA. This is an amendment to the California Consumer Privacy Act (CCPA) that voters approved in 2018.
The CPRA has now modified, expanded, and clarified privacy rights for California residents, and it takes inspiration from the EU’s GDPR policy in a variety of ways. For instance, the CPRA creates a new enforcement agency. Previously the CCPA was enforced by the California Office of the Attorney General. However, in the EU, GDPR is enforced by data protection authorities –– and now, California has implemented one, too: the California Privacy Protection Agency (CPPA).
Purpose:
CPRA’s purpose is to redefine and expand the California Consumer Privacy Act (CCPA) in order to strengthen the rights of residents of California. It provides consumers greater opportunity to opt out and requires deliberate data privacy management from businesses.
California has made it clear that they are serious. These rights can and will be enforced by private citizens, all California district attorneys, and the newly created “California Privacy Protection Agency” mentioned above and created solely to enforce privacy laws.
What are these rights?
The CPRA expands and amends the previous California privacy laws. Taken together they consist of the following bundle of privacy rights:
- Right to Access personal information.
- Right to Delete personal information.
- Right to Correct personal information.
- Right to Object to Selling personal information.
- Right to Opt-Out of behavioral profiling and automated decision making.
- Right to Object to the Use of Sensitive Information.
- Right to Data Portability.
But that’s not all:
- Purpose Limitation – Personal information can only be used for the purpose it was originally collected.
- Children’s Data – Fines are now tripled for violating the privacy rights of children under 16.
- Storage Limitation – Personal information must be destroyed once it has been used for its purpose at collection.
- *Reasonable Cybersecurity Controls – Security controls must be commensurate with the sensitivity of the data you are protecting. This part by itself is just as big an undertaking as complying with the rest of the CPRA.
What are the penalties?
$2,000 per offense for mistakes, $2,500 per offense for negligent mistakes, and $7,500 per offense for intentional offenses.
Please be aware – These offenses are accumulative and every California resident impacted by the same event will constitute a separate offence.
This can mean fines well into the millions of dollars
So far, under the CCPA (the current main California Privacy law) there has been numerous private settlements reaching into the millions of dollars including a recent one for $10 million - and just this past August Sephora was fined $1.2 million by the California Attorney General.
Becoming compliant with the CPRA is not an easy task, you will need to find out where every bit of personal data comes from and how it is handled. Then you will need to figure out how to actually comply with the law which will take policies and procedures and technical implementations. We at Digital Edge are experts in compliance and can assist you in developing a strategy and plan to ensure your business is protected and align with the January 2023 deadlines.
For more information contact sales@digitaledge.net
Digital Edge Achieves Level 1 Managed Security Service Provider Competency Status
New York, NY, Sept. 08, 2022 (GLOBE NEWSWIRE) -- Digital Edge announced today that it has achieved Amazon Web Services (AWS) Level 1 Managed Security Service Provider (MSSP) Competency status. This designation recognizes that Digital Edge has successfully met AWS requirements for a baseline of managed security services to protect and monitor essential AWS resources 24/7, known as Level 1 Managed Security Services.
This new baseline standard of quality for managed services was introduced by AWS to benefit cloud environments of any size and it spans six security domains: vulnerability management, cloud security best practices and compliance, threat detection and response, network security, host and endpoint security, and application security. The six domains contain multiple MSSP services, each with technical skill set and operational process requirements specific to AWS.
AWS launched the AWS Level 1 MSSP Competency program to enable customers to easily acquire ongoing security monitoring and management, validated by AWS. AWS security experts annually validate the tools used and operational processes of each MSSP to address specific cloud security challenges such as continuous event monitoring, triaging, AWS service configuration best practices, and 24/7 incident response. The AWS Level 1 MSSP Competency provides a faster and easier experience for customers to select the right MSSP to help them achieve their goals for business risk and cloud strategy confidence.
Achieving the AWS Level 1 MSSP Competency differentiates Digital Edge as an MSSP and AWS Partner with essential 24/7 managed cloud security skill sets to earn the distinction of Level 1 MSSP.
“ We are thrilled to have achieved AWS Level 1 MSSP Competency. With AWS, we seamlessly provide our clients flexible, scalable, and cost-effective cloud solutions that modernize their IT infrastructure. Our comprehensive cybersecurity offerings ensure our client solutions are compliant with frameworks and meet the certification requirements,” says Mike Petrov, Chief Executive Officer, Digital Edge.
As an AWS Level 1 MSSP competency-approved and AWS Advanced Technology Partner, Digital Edge has developed a comprehensive cybersecurity offering for AWS customers. The firm employs a core team of strategic cybersecurity experts who have expertise with the following compliance certifications: NIST, CSF Core, IS0 2700, SSAE18/SOC2, PCI, HITRUST, OSPAR.
Digital Edge provides 24/7/365 managed service solutions allowing AWS customers to accelerate their organizational growth and business value in the cloud without sacrificing security. Digital Edge also monitors and secures AWS infrastructure in conjunction with existing IT security teams and externally.
About Digital Edge
Digital Edge brings together a unique combination of talent, partners and products to support digital transformation for start-ups to enterprise wide organizations. Digital Edge serves the Banking, Fintech, Media, and IT sector with mission-critical expertise in security, networking, data center, collaboration and cloud solutions. Learn more at www.digitaledge.net.
PRESENTATION: Cyber Security and Data Governance Webinar
Digital transformation requires a flexible cloud foundation, one that few organizations feel confident in deploying without the support of a trusted third party. Digital Edge is a global managed service provider with over 25 years of experience.
We understand that the impact of a remote workforce and shifting regulatory requirements has caused significant complexity within most organizations. Whether it is building out a cloud strategy, cloud cost optimization or ongoing management of cloud workloads, ensuring you are meeting all the necessary compliance certifications is of paramount importance.
We would love to hear more about your company and where you currently are in your cloud journey. We can offer a one-on-one chat, a virtual lunch and learn meeting, or present in any of your upcoming team meetings.
Digital Edge’s CEO, Michael Petrov, was welcomed as a guest speaker for CTG Intelligence Managed Security Services Forum
Recently Digital Edge’s CEO, Micheal Petrov, was welcomed as a guest speaker for CTG Intelligence Managed Security Services Forum (#MSSTriState).
Mandatory Manual Reviews and Audits – SSAE-18 SOC2 Requirements.
Digital Edge's Compliance team has noticed that organizations and IT/compliance groups lack understanding of mandates for scheduled reviews and audits.
Each cybersecurity standard or framework has its own unique requirements. This article provides information on minimal required reviews and audits by PCI standard.
Top Security Trends To Keep In Mind When Implementing New Technology
Suppose you’re implementing new technology to secure your business. Whether you’re updating your current system or looking for ways to support a hybrid or remote working model, you need to be aware of the top security trends.
So, which are the new security trends you need to be aware of when implementing new technology to protect your business?
Keep reading for a complete guide to the top security trends, from technologies that support hybrid working to technologies that ensure your system can keep up with the changing demands of the security landscape.
Mandatory Manual Reviews and Audits – PCI Requirements.
Digital Edge's Compliance team has noticed that organizations and IT/compliance groups lack understanding of mandates for scheduled reviews and audits.
Each cybersecurity standard or framework has its own unique requirements. This article provides information on minimal required reviews and audits by PCI standard.
Mandatory Manual Reviews and Audits – ISO 27001 Requirements.
Digital Edge's Compliance team has noticed that organizations and IT/compliance groups lack understanding of mandates for scheduled reviews and audits.
Each cybersecurity standard or framework has its own unique requirements. This article provides information on minimal required reviews and audits by NIST CSF standard.
Mandatory Manual Reviews and Audits – NIST CSF Requirements.
Digital Edge's Compliance team has noticed that organizations and IT/compliance groups lack understanding of mandates for scheduled reviews and audits.
Each cybersecurity standard or framework has its own unique requirements. This article provides information on minimal required reviews and audits by NIST CSF standard.
Mandatory Manual Reviews and Audits – HITRUST Requirements.
Digital Edge's Compliance team has noticed that organizations and IT/compliance groups lack understanding of mandates for scheduled reviews and audits.
Each cybersecurity standard or framework has its own unique requirements. This article provides information on minimal required reviews and audits by HITRUST standard.