Regulation and compliance: staying secure in the face of increasing threats to privacy

2019 is going to be a major year for data privacy. Companies have less than 12 months to meet the new California Consumer Privacy Act (CCPA) and we have already seen a €50 Million fine filed against Google under the General Data Protection Regulation (GDPR).  In previous discussions with numerous businesses – they are absolutely taking legislation like CCPA and GDPR seriously – and the latest Google example brings home the point that noncompliance means stiff penalties and unwanted publicity.

This isn’t to say that we haven’t seen large fines for noncompliance before, such as the $16 Million settlement against Anthem Inc. But that was for a data breach in 2015 where attackers got access to the Electronic Protected Health Information (ePHI) of almost 79 million people. And while many people have become immune to data breach announcements, the fine issued against Google on January 21st illustrates how the focus on data privacy has elevated the task of data security. Google was fined not because they were reckless with the data or suffered a data breach, but because of how they let partners use data as well as whether they adequately