AG Technology

Vector-AG Technology Limited

Microsoft to honor California’s new privacy law nationwide

Microsoft has announced that it will adopt the principles of the new California Consumer Privacy Act (CCPA) on the first day of the New Year.

Ahead of the law coming into full force in January 2020, Microsoft took the bold step of announcing that it would “honor” the CCPA throughout the whole United States. This follows a similar decision in Europe, where it adapted the GDPR principles globally to its business.

Microsoft’s announcement is a big deal for the tech industry as it signals just how seriously big business is taking data protection. With CCPA only being enforced in California, Microsoft has shown that, as a company, it wants to do more for data protection, and in fact praised CCPA as good news. Chief Privacy Officer Julie Brill said in a blog post that the CCPA is “an important step toward providing people with more robust control over their data in the United States.”

CCPA will have a far-reaching impact on businesses, especially those that are incorporated in California but serve users nationally and internationally. With data laws overlapping in different states, and over in Europe, it makes more sense for businesses to adopt the strictest data requirements across their entire digital operations. This will ensure that they are ready for the upcoming laws currently being drafted in a number of different states, and help them to get their systems up to speed and compliant.

With that compliance also comes the need to make sure that technology architecture is set up in a way that safely stores data and removes it once it is no longer in use. Especially for businesses that handle personal information across states, it’s important to implement a data protection policy that tries to apply the principles of GDPR, CCPA and other laws so that risks are minimized.

Companies that want to step up their commitment to protecting their customer data can choose to buy professional degaussing equipment to fully erase old data from hard drives that will no longer be used in newer systems.

The California Consumer Privacy Act

The California Consumer Privacy Act (CCPA) became law on January 1st 2020 in the state of California and places additional legal requirements on businesses and organizations when it comes to handling data. The law is comprehensive with a number of detailed statutes reflecting today’s new digital age, and how valuable data has become. CCPA gives consumers new powers and rights when it comes to their data, which businesses must comply with in order to avoid being fined or found in breach of its provisions. Some of the statutes include:

  • Consumers’ right to receive information on privacy practices and access information.
  • Consumers’ right to deletion.
  • Information required to be provided as part of an access request.
  • Consumers’ right to receive information about onward disclosures.
  • Consumers’ right to prohibit the sale of their information.
  • Price discrimination based upon the exercise of the opt-out right.

Business compliance and impact

Businesses affected by CCPA include those which hold or collect personal data from consumers, and are doing business in the state of California. There are three thresholds which organizations will fall under when considering if CCPA applies. These are:

  • If the annual gross revenue of a business exceeds $25 million.
  • If buying or selling personal information of more than 50,000 individuals.
  • If earning more than half its annual revenue from the selling of people’s personal information.

In alignment with CCPA, businesses are expected to implement data security practices that support the protection of consumer data across their organization, wherever consumer data is being handled.

See our Data Destruction Auditor to learn more about data auditing. 

Business processes required under CCPA

CCPA applies to businesses that fall within one or more of the compliance thresholds. To be compliant, they must implement the following processes:

  • Implementing parental or guardian consent for children (minors) who are under the age of 13, and ‘affirmative consent’ for minors who are aged between 13 and 16 – in relation to data sharing processes.
  • A clearly defined “Do Not Sell My Personal Information” link on the home page of the business’s website, where users visiting that website are able to opt out of the selling of their personal data.
  • New privacy policies which include a description of California residents’ rights.
  • A point of contact for website visitors that allows them to access their data.

Fines and sanctions that can be imposed under CCPA provisions

  • If a business suffers data theft or a data breach, it can be ordered to pay statutory damages in civil class action lawsuits and asked to pay up to $750 per incident and resident (residing in California).
  • Financial penalties of up to $7,500 can be issued for intentional data violations and $2,500 for unintentional data violations.

Signed by Governor Brown in June 2018, and enacted on January 1st, 2020, the California Consumer Privacy Act enhances consumer protection and holds to account businesses that do not protect data, or that suffer data breaches where consumer information is accessed without consent.

France protecting data rights as it forges new cybersecurity cooperation with India

France is taking a proactive role in strengthening its cybersecurity cooperation with India, signing a new agreement to combat cybercrime and protect its citizens and business sectors.

Over the past year since GDPR was introduced in the European Union, France has been keen to work with international partners on data rights and data security as a whole. 

AI, 5G and digital commerce were among the key topics at a summit in New Delhi between France and India in October, attended by France’s National Cybersecurity Agency along with 130 delegates from both countries. 

As technology starts to become a bigger part of our lives, France and India have been looking at ways of making sure that data transference between states is safe, and that the laws which govern people’s data are replicated between friendly nations. It goes without saying that people’s individual rights as data subjects are becoming a key topic of discussion, particularly as there remain considerable cybercrime threats for citizens around the world.

Companies and governments have also been seeking ways to improve data architecture, data security and network security as a whole in their discussions, keeping in mind the ever evolving landscape, and how data is being used, stored and processed in different countries – often by multinationals, but increasingly by small businesses and tech startups. 

At the GITEX Technology Week in Dubai back in October, multinational companies gathered to display the latest innovations in tech, including advancements in AI and IoT devices – laying the foundation for a new era of technological innovation and inter-connected systems where digital citizen rights will take centre stage.  

Verity Systems, a manufacturer providing data security solutions for governments, businesses and medical institutions, has been working behind-the-scenes to develop new tools that can securely erase data records from different types of media. And with the evolving data landscape, legacy network systems and hard drives are being retired with a stronger emphasis being placed on secure data erasure of personal information that is no longer in use. 

Given the risks associated with improperly handling data disposal, and the very nature of data rights and people’s personal information, businesses and governments are taking note of the evolving landscape of technology, and of how to deal with the careful disposal of older systems which will be made redundant by newer innovations and technological breakthroughs.

In our ever evolving digital landscape, we are only seeing the beginning of what will be a transformation of the digital ecosystem we see today, and when it becomes more closely integrated, across borders, digital citizen rights will be a key priority for countries moving forward. 

Singapore to step up its data security efforts in 2020 with $719m investment drive

The Singapore government is investing heavily in data security as part of its new 3-year plan which it sees as crucial in protecting citizen data.

Speaking on Tuesday, Singapore’s Finance Minister Heng Swee Keat said that the budget for 2020 would enable Singapore to enhance its cyber and data security capabilities.

This follows the passing of new legislation in 2018 which enhanced laws surrounding data security in the new Cybersecurity Act.

Singapore’s investment plan will allow the government and key agencies to adopt new technologies and get the country ready for a future where AI, IoT and cloud computing become central to economic growth.

Through new digitisation strategies, Singapore will be able to adapt to cyber security risks and also provide tech startups with the funding they need to develop new technologies. This would come from an additional $215m fund in its Startup SG Equity Scheme – further supporting Singapore’s growing hub of technology startups.

Countries such as India, France and the U.S. have also been adopting new laws and stepping up their data security efforts to protect citizens and their personal information. From California’s new CCPA to France and India’s push for more data cooperation between governments, there is an international effort building momentum to reinforce data security architecture as a whole.

Businesses that are at risk of data security breaches include multinational corporations operating large cloud infrastructure as well as government agencies, ecommerce platforms and new fintech businesses.

Data security architecture is central to the success of new startups as well as protecting citizen data. Part of that effort includes the safe removal and disposal of older systems as new technologies come into play. One of the ways in which businesses can reduce their risk of losing data or having it exposed to criminal organizations is through degaussing technology and hard drive destruction.

While software may be considered by small businesses as a way to erase hard drives, the data still remains, and poses a risk to security-conscious companies holding sensitive information. Magnetic erasure with degaussing therefore provides the guarantee that data can’t be recovered – which is especially important for governments that want to protect national secrets and data from falling into the wrong hands.

Congressional panel finds US at risk from small and catastrophic cyberattacks

This week, a bipartisan report released by the Cyberspace Solarium Commission found that the U.S. was facing multiple cybersecurity challenges and could suffer lasting damage if national infrastructure was compromised. The total cost of such a major cyberattack could exceed the multi-billion dollar cost of the California fires by comparison.

Although they are already top of the agenda for countries around the world, data security and data laws still have a long way to go to catch up to the threats that are posed by cybercrime in our digitally connected economy.

Data itself has become a ‘human right’ but it’s the way in which information and people’s personal records are being handled that still poses challenges for businesses and governments – especially when that information falls into the wrong hands.

Several high profile breaches such as the Equifax hack have led to a host of new data laws and processes for companies, but there remain critical flaws in how digital infrastructure is protected from cyberattacks, leaving businesses vulnerable, especially when older, legacy systems don’t get upgraded and still retain hundreds if not millions of records.

The bipartisan report recommended that the government enact wide ranging reforms and collaborate further with the private sector to develop new cybersecurity solutions.

One notable recommendation in the 180+ page report was that Congress enact a new data security and privacy protection law with a new National Cyber Director.

With technology theft being a big problem for American companies, the Commission urges lawmakers to deter attacks and find ways to encourage better data security standards globally.

One of the key areas of data protection is the safe erasure and removal of older, legacy system hard drives – a key issue given that millions of records remain unprotected and vulnerable to exploitation without being properly erased. Through degaussing technology and hard drive destruction, there are ways for businesses to reduce the risk of having their legacy systems exploited. With full data erasure, there’s an added layer of security for businesses and governments that are in the process of adjusting to new standards, but time is of the essence as newer, more sophisticated ransomware viruses and other malicious software programs penetrate America’s key digital communications infrastructure.

Is your business implementing new data policies to adjust to the latest threats in cyberspace?

CCPA fines in 2020 set to exceed $200 million as data laws tighten

California’s new CCPA law is predicted to make a significant impact on companies and how they handle people’s personal information. 

Following GDPR in 2018, CCPA will bring businesses in California more in line with European standards of data protection for the first time, providing the state with new powers to impose fines on businesses that fail to adopt the new data law into their architecture. 

Businesses that are especially at risk include suppliers of hosting and cloud services as well as organizations that hold medical records. With personal information such as patient data, addresses, phone numbers and other sensitive details stored in datacenters and servers across California, businesses have to step up their data protection procedures to make sure that security remains a top priority to minimize the potential fallout from a data breach which could easily arise from misconfigurations. 

With increasing demand for cloud computing, companies also have to update systems and remove faulty hardware and failed hard drives more frequently. Businesses of all sizes are also frequently disposing of old hard drives, and sometimes selling these older components online. During this process, businesses remain vulnerable as removing damaged hard drives doesn’t prevent information from being recovered at a later stage. Data recovery can take place long after a hard drive has been disposed of, even if it has a defect and new software can’t be installed on the disk itself. 

In a recent study, it was discovered that old hard drives sold on eBay still contained personal information and corporate data that hadn’t been erased. Email messages, archived internal employee data and shipping manifests were also found on SSD hard drives and this information could be recovered easily. 

Software alone cannot fully erase a hard drive, so it cannot completely remove the data. The drive is simply written over with a new layer, leaving the previous set of data and all the files on the disk. For businesses and organizations, data removal is essential, especially when their old hard drives are being removed and either sold or recycled. At this stage of removal, there is still a significant risk that data can be rediscovered, and even harvested by others.

For a hard drive to be erased, a degausser can be used to magnetically wipe a disk clean. This guarantees that all the data, and even the previous versions of operating systems, get removed. There are different types of degaussers that can be used depending on how many drives a business needs to process before they are recycled.

New York data laws set for sweeping change as stricter standards are implemented

New York is about to change the game for businesses as it implements the Stop Hacks and Improve Electronic Data Security Act, more commonly referred to as the SHIELD Act.

The new reforms will mean that New York State data standards get a dramatic upgrade with the attorney general’s office being provided with a whole new set of data security enforcement privileges.

The SHIELD Act will affect businesses that collect data from New York residents, bringing a new level of scrutiny for companies that handle personal information. The Act comes into effect on March 21st. Beyond data breaches, the attorney general will be able to investigate companies where whistleblower complaints about data collection and handling have been made. This means that businesses that have had no data breaches will now be liable under the Act, and could face civil penalties if they are deemed to be inadequately handling data.

This follows the implementation of CCPA in California, and adds a layer of compliance for businesses that are not necessarily dealing with data theft or breaches, but are considered to have improper data handling processes.

One of the ways in which businesses can create more transparency about their data handling and data processes is through auditing, and data destruction. For many businesses, this can prove effective in demonstrating clear processes, where audit reports can be provided to law enforcement agencies and the state.

The new SHIELD Act is likely to be the first of many data laws that are enforced in the coming months as data collection and the handling of personal information face further regulation in the U.S. and internationally.

Is your business auditing its data handling processes for more transparency?

96% of businesses concerned with cloud security as majority suffer data breaches

A new survey of 3500 IT managers across 26 countries has revealed that a majority of businesses have suffered a breach over the past year, while 96% of companies were concerned about cloud security as a whole.

In the survey, conducted by Vanson Bourne, companies expressed their concerns over a number of issues, particularly data leaks and cloud security vulnerabilities. More than 70% of IT managers admitted that some form of security breach had taken place within the last year, and businesses suffered from malware attacks, cryptojacking and a variety of data breaches.

With new data laws and regulations in place in the U.S. and around the world, businesses that are fully integrated into the cloud are struggling to maintain a secure, digital landscape for their employees as well as their clients. 

Several high profile cases in the past few months have led to record fines being imposed by regulators as breaches become a primary focus for data security and businesses that operate in an integrated digital environment. 

With the lack of comprehensive data security policies to protect personal information, companies are still at risk of suffering substantial lawsuits should user data fall into the wrong hands. This goes for companies that also fail to secure and fully erase personal records from older, legacy systems. 

In the new era of cybersecurity, integrated web infrastructure and cross-border legal requirements on data handling, it is more important now than ever to create a safe environment online, while also ensuring a proper data disposal process exists within a company.

Businesses looking to securely erase their data and dispose of hard drives and magnetic media can explore using professional hard drive degaussers and hard drive destroyers. Degaussers magnetically erase data from the medium so that it can’t be recovered later. This is especially important for government agencies, law enforcement and hospitals that handle sensitive data. Hard drive destruction can also render a hard drive inoperable once it has been magnetically erased.

Is your business securely erasing its data?