From CASB 1386 to AB 375, California has a New GDPR-like Law to Protect Privacy

Micro Focus Frequent Contributor

More than 15 years after CA Senate Bill No. 1386, or CASB 1386, California continues the personal privacy protection crusade with a new law (Assembly Bill No. 375) that has a bit more teeth beyond requiring breach notifications. It used to be that encryption such as Voltage SecureData was your “Get out of jail free” card. If data security was breached, and you could demonstrate the data was encrypted while you maintained control of the keys, you would achieve safe harbour and not have to report the breach. Of course, all bets were off if your data was in the clear. Solutions such as SecureData are the smart, preventive-medicine thing to do, but now the stakes are even higher, along with the penalties for noncompliance.

Consumer confidence is suffering after each new Equifax or Cambridge Analytica style compromise of our trust, leading to real consequences in personal identity theft and abuse. While companies may have been sitting on the sidelines watching Europe’s GDPR regulations unfold, it was only a matter of time before the impact would reach local shores and raise attention. It may be due either to globalization, with companies having to continue doing business in Europe under EU terms, or to a recognized need for consistent standards to protect privacy, but consumers are demanding improved security controls over the use of their data. And as is often the case with California laws to protect consumers, like CASB 1386 and AB 375, we should not be surprised to see other states following California’s lead as the canary in the coal mine for improving regulations.

What can you do today to get ahead?

Leading organizations that manage and use personal data that is at risk are already ahead of the curve, since data privacy is nothing new for specific industries. The payment card industry has PCI DSS and healthcare providers have HIPAA for health information privacy for example. But what if you aren’t in a regulated industry already with clear mandates? 

Data privacy has changed tremendously over the last decades—no longer does a name, street address and credit card make up the only critical data thieves want to abuse. Personal identity data can be used for so much more fraud and it’s hiding in plain sight. The information you create that comes from your cell phone, even location data and behaviour patterns, can be used to gain insights into your private life and assets. IoT devices and websites are collecting much more. “Hey Alexa, please protect my privacy!” “I’m sorry, I don’t understand that term.” Kidding of course, about the prevalent use of virtual assistants we gladly invite and install into our homes. 

Keep in mind that the scope of how sensitive data is defined is much broader than it used to be: there’s more at risk with more to compromise, and there’s more for business to care about to protect consumers. Technology is part of the problem, but can also be part of the solution. A few things you can do today:

  • Understand your threat landscape – Micro Focus solutions such as ArcSight can help you better understand vulnerabilities and risks to your applications, systems and data.
  • Protect your applications – Using Micro Focus Fortify enables you to build security into your applications to avoid data leaks, up front.
  • Discover sensitive data – Micro Focus Structured Data Manager identifies and classifies data at risk, and when combined with…
  • Voltage SecureData – You can actively protect the assets you know about to comply with mandates such as AB 375, GDPR and beyond. 

Of course, that’s not the whole story. Micro Focus integrates products ranging from Identity and Access Management solutions to endpoint protection and more, to offer a complete suite of data discovery and governance solutions that don’t leave you hanging after you’ve taken your first step to compliance.

Ready to have a conversation to learn more? Contact us today, no matter where you are in your compliance journey. We’re here to help!

About the Author

Nathan Turajski

Data Security (Voltage) and SOC (ArcSight) Solutions