The California Consumer Privacy Act (CCPA) went live on July 1, 2020. This is the U.S.'s attempt to develop a consumer-protecting privacy framework along the lines of the European Union General Data Protection Regulation (GDPR), albeit in a slightly less stringent form. While the CCPA is California-specific legislation, it extends not only to companies working in California but also to firms that undertake business within California. Given the size of the Californian economy, which is greater than that of many nation states, the new measures have a truly global impact.
Looking into the security issues is Cindy Provin of Entrust Datacard. Provin assesses the necessity of establishing roots of trust throughout the enterprise during the initial months of the CCPA kicking in.
Provin sees security as essential, stating: "Encryption protects sensitive information including financial data, government identifications and Social Security numbers by making it unreadable." Yet there is an important point to take note of, says Provin: "if you fail to protect the encryption keys it’s like locking your front door and leaving the keys under the mat." This points to the need to develop robust encryption keys and security credentials.
According to Provin, business investment in encryption goes beyond simply ticking a box marked 'compliance requirements'. A good security measure can also help to attract more customers and enhance the reputation of a firm. On this point she states: "When businesses employ encryption and key management, they are better positioned to win and keep customers everywhere."
As to what this entails, Provin says: "A root of trust must be established to ensure that the keys and credentials that underpin the security of the encryption solutions deployed are always protected. Hardware security modules can enable that, acting as the root of trust to store and manage encryption keys and credentials."