
What Stricter Data Privacy Laws Mean for Your Cybersecurity Policies

Dec 09, 2022 | The Hacker News | Data Protection / Privacy

For today’s businesses, data privacy is already a big headache,
and with modern privacy laws expanding to more of the world’s
population, regulatory compliance is on track to become a more
complicated, high-stakes process touching on every aspect of an
organization. In fact, Gartner predicts[1]
that by 2024, 75% of the Global Population will have its personal
data covered under privacy regulations.

Tightening data privacy regulations around the world

The EU’s General Data Privacy Regulation (GDPR) was not the
first privacy law in the world. Still, it was undoubtedly the first
significant shakeup in privacy legislation with a far-reaching
impact on organizations globally. Following its implementation,
several U.S. states have started implementing similar privacy laws.
This legislation includes:

  • Virginia Consumer Data Protection Act (VCDPA), effective
    January 1st, 2023
  • California Privacy Rights Act (CPRA), effective January 1st,
    2023
  • Utah Consumer Privacy Act (UCPA), effective December 31st,
    2023
  • Connecticut Data Privacy Act (CDPA), effective July 1st,
    2023
  • Colorado Privacy Act (CPA), effective July 1st, 2023

Australia has already begun tightening its data privacy and
cybersecurity laws[2]. For instance, the
country’s proposed fines are higher than the EU’s penalty of €20
million (approximately USD $20 million) or 4% of annual global
turnover under the GDPR. With these and other state or
country-based privacy legislation being implemented, it’s prime
time to think about your organization’s compliance obligations
under these laws.

What do changing privacy laws mean for organizations?

As the digital landscape evolves, cybercrime grows with it. The
soaring numbers of online and mobile-based interactions create
countless cyberattack opportunities. Many of these attacks lead to
data breaches that threaten businesses and people. At the current
growth rate, damage from cybercrime will hit $10.5 trillion annually by 2025[3]—a 300% increase from the
numbers reported in 2015.

In the face of the growing cyber onslaught, organizations
globally spent about $150 billion in 2021[4]
in their quest for better cyber defense, growing by 12.4% annually.
Thus, the surging cybercrime and subsequent need for better defense
are the key drivers of the increasing cybersecurity awakening and
privacy laws.

To stay ahead of these regulations, organizations need to
implement the following measures:

1. Update data privacy policies

Your organization’s privacy policies must be GDPR-compliant[5]. Even organizations
without a European presence should start evaluating the proposed
data privacy and cybersecurity laws and their obligations under
these laws. Future online privacy regulations will likely touch
upon how impacted users should be notified and the forms of
remediation that need to be provided.

2. Review data security standards

Constantly auditing and testing the data security standards your
company has in place can also help you stay ahead of the changing
cybersecurity and data privacy regulations. Reviewing your data
security standards every few weeks or months can help identify
mistakes and weed out any gaps that would render your organization
noncompliant with privacy laws.

By keeping your company’s systems and privacy standards in line
with current laws, you will be better placed to make the necessary
adjustments once a shift in regulations occurs.

3. Implement data security best practices

Every organization is unique regarding its obligations under the
law, particularly with respect to the duty owed to employees and
consumers under privacy regulations. To this end, your organization
should recognize its operations and what best practices it must
engage in to ensure it stays compliant with the relevant
regulations.

For instance, you should pay attention to how your organization
controls access to sensitive data, including classifying and
storing data with a zero-trust policy implemented[6]. Here are more data security best practices[7] to double check.

4. Facilitate regular employee training

When planning how you intend to handle data for the inevitable
data privacy laws in your jurisdiction or areas your organization
serves, it’s wise to include your employees in the process of data
handling and privacy practices.

While employee training costs time and money, it can save your
organization headaches in the future. Humans have often been considered
the biggest risk with respect to data security and privacy.
Ensuring your employees understand cybersecurity risks and how to
avoid a data breach is paramount to protecting your company and its
data.

5. Strengthen your organization’s password policy

To ensure a strong privacy foundation throughout your
organization and the vendors you work with, it’s vital to minimize
the risk of a cyber-attack.

Passwords are your first line of defense against unauthorized
access to the IT framework and employees’ and customers’ personal
information. The stronger your password policy, the more protected
your IT systems are from malicious cyber-attacks. Fortunately, you
can easily strengthen your organization’s policy with Specops Password Policy,[8] which extends the
functionality of Group Policy and simplifies the management of
fine-grained password policies. It allows you to enforce compliance
requirements, block over 3 billion known compromised passwords, and
help users create stronger passwords in Active Directory with
dynamic, informative client feedback.

Get Your Organization Ready for Data Privacy Regulatory
Compliance

From healthcare companies and financial institutions to tech
startups and government agencies, data privacy compliance and risk
management are paramount to success. Indeed, organizations can stay
compliant with the ever-changing privacy regulations and reduce the
risk of reputational damage by implementing up-to-date policy
protocols, identifying employee training best practices, and
instilling a nimble framework for company-wide password
changes.

Found this article interesting? Follow us on Twitter [9]
and LinkedIn[10] to read more exclusive
content we post.

References

  1. Gartner predicts (www.gartner.com)
  2. Australia has already begun tightening its data privacy and
     cybersecurity laws (www.bleepingcomputer.com)
  3. $10.5 trillion annually by 2025 (www.boisestate.edu)
  4. $150 billion in 2021 (finance.yahoo.com)
  5. GDPR-compliant (gdpr.eu)
  6. zero-trust policy implemented (specopssoft.com)
  7. data security best practices (www.netwrix.com)
  8. Specops Password Policy (specopssoft.com)
  9. Twitter (twitter.com)
  10. LinkedIn (www.linkedin.com)
