What Privacy and Security Mean for Companies

With Data Privacy Week coming up soon, we’re thinking about the important symbiotic relationship between privacy and security, and looking ahead to some pending deadlines for cybersecurity and privacy compliance.

How can company leaders best navigate the waters and enjoy peace of mind?

Here are a few upcoming privacy and security compliance deadlines to consider:

March 29, 2024 – California Privacy Rights Act (CPRA) enforcement goes into effect. CPRA grants California residents extensive control over personal data. Organizations that process customer data belonging to Californians must ensure compliance. This includes deleting customer information upon request and meeting stricter consent requirements around sharing or selling data.

March 31, 2024 – Important news for any organization handling credit card payments: PCI DSS v4.0 (Payment Card Industry Data Security Standard) will come into play in stages. The first set of mandatory requirements around multi-factor authentication (MFA), penetration testing, and password security will take effect on March 31st. Businesses handling card payments must prioritize these areas to stay compliant.

June 15, 2024 – SEC breach disclosure rules for SMBs.
The U.S. Securities and Exchange Commission (SEC) is casting a wider net. While larger companies have already had to adhere to SEC cybersecurity incident reporting requirements, smaller businesses (those valued at less than $250 million, for example) have until June 15th to comply. Companies must disclose ‘material’ cybersecurity incidents (those that could impact revenue or cause investor harm) promptly and transparently.

July 1, 2024 – California Consumer Privacy Act opt-out mechanisms and sensitive data consent.
Once again, California leads the data privacy effort. Much like GDPR, which is Europe’s standard for data privacy (and enforceable for any organization handling European-based data), July 1st marks two CCPA deadlines:

  1. Organizations must clearly explain how consumers can opt out of data sharing.
  2. They must re-obtain consent for processing personal/sensitive data collected before July 1, 2023.

One Step At A Time

Compliance for companies of any size can be daunting. But understanding the steps, one at a time, will help leaders better protect their organizations, employees, and customers.

Beyond compliance, developing and maintaining strong security protocols will also help enhance trust and protect reputation; avoid financial loss; and save on costs.

Do you have questions about how to take the first steps toward security and privacy compliance?

We are here to help!

For more information on how to get up and running with what experts are calling the #1 step to achieve a strong cybersecurity posture, book a demo and find out just how simple security can be with passwordless phishing-resistant MFA+SSO.