There’s a lot of new regulations small business owners need to be aware of and comply with this year. One, in particular, that may be confusing is the California Consumer Privacy Act (CCPA). To help explain what the CCPA means—and how you can comply, we talked to Monique Becenti, product and channel specialist at SiteLock.
SmallBizDaily: Why are data privacy and security laws important?
Monique Becenti: Data privacy and security laws are important because they hold companies of all sizes accountable for customer privacy and cybersecurity, putting us one step closer to a more secure internet. What’s different about laws like the California Consumer Privacy Act and its European counterpart, General Data Protection Regulation (GDPR), is that they serve to protect consumers across all industries. Most existing cybersecurity legislation serves a certain industry—such as the Health Insurance Portability and Accountability Act (HIPAA) in healthcare or the Payment Card Industry Data Security Standard (PCI-DSS) in financial services.
SmallBizDaily: What does the rollout of CCPA mean for data privacy and security?
Becenti: To comply with CCPA, businesses must now inform California citizens when and how their information is being collected, while also allowing them to access, edit and delete this information. Similar to GDPR, it guarantees consumers “the right to be forgotten.” This is important for the cybersecurity industry because it affirms that consumer data and privacy indeed belong to the individual, not corporations.
According to CCPA, businesses must implement and maintain reasonable security practices that are appropriate for the nature of the information. For businesses implementing these procedures, database security should be a key factor in securing their customers’ data. Some best practices to secure a database include using a web application firewall (WAF) that can block the top web application threats as well as a website scanner, which is essential for removing malware from a database or website files. Additionally, reviewing database logs on a consistent basis for anomalies can help businesses stay on top of database security.
SmallBizDaily: What should small business owners keep in mind as the law rolls out?
Becenti: Small business owners should start to comply with CCPA, even if they aren’t located or do business in California. It’s possible that this law will act as a catalyst in the U.S., and we could start to see similar regulations in other states.
For small businesses conducting business in California now, it is essential to comply in order to avoid expensive fines. The CCPA provides for consumer lawsuits with statutory damages, which can add up quickly for businesses. With fines reaching up to $750 per California resident per incident or actual damages, whichever is greater, there will be a significant increase in the costs associated with a data breach with this new law in place. This is especially true for a small business that is found to be non-compliant. Small businesses typically lack the resources and budget to secure their websites already. With CCPA, they must keep website security top of mind to protect their business and visitors’ data, as well as their bottom line.
SmallBizDaily: How does the law impact small businesses and large businesses differently?
Becenti: This law impacts any business that collects personal data on its customers, including information gathered via the company’s website. Companies that fail to comply could be subject to fines and lawsuits. For large enterprises with legal teams and deep pockets, this is just another day on the job; but, for small businesses with limited staff, resources and budget, one fine or lawsuit could put them out of business.
To avoid fines, lawsuits or downtime, small business owners, more than ever, should be following the latest regulations in their states and evaluate how to comply with CCPA and other privacy and security regulations. By putting a plan in place that best protects themselves and their users, businesses can then develop a business strategy that doesn’t compromise their customer’s security and privacy.
Monique Becenti is a product and channel specialist at SiteLock.