Data breaches, mass data collection and identity theft have been problems that many individuals and businesses have faced for years. After years of failed attempts at creating broad-based federal legislation, 2020 may be the year that privacy and data security legislation takes place. Legislation is beginning to become more stringent at the state level. California’s CCPA (California Consumer Privacy Act) and New York’s SHIELD Act (Stop Hacks and Improve Electronic Data Security Act) are both active in 2020, with application outside their respective states spurring more active compliance efforts.
On top of increasing state legislation, certain organizations must also comply with industry-specific federal mandates like the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA). Others also need to balance international regulation, the most popular being the European Union’s General Data Protection Regulation (GDPR).
Ensuring your business is compliant with all levels of legislation can be a significant challenge. The rapid development of these regulations can make compliance difficult for staff who may already be spread thin. A recent article from The National Law Review highlighted ten best practices and strategies to help businesses be compliant in 2020 and beyond.
One of the strategies covered in this article involved maintaining a strong vendor management program. While third-party vendors provide support to businesses, they also gain access to sensitive information. An article from the American Dental Association covered a ransomware attack in Colorado that left 100 dental practices without access to their patient data. In the article, Gary Salman, CEO of Black Talon Security in New York, lectured to dentists on cybersecurity. Regarding vendors, Salman advised, “Dentists need to ask specific questions of the IT companies they hire, including whether the company has a third-party cybersecurity company evaluate the security of its infrastructure so that its data breach does not become the dentists’ data breach.” While this article in particular is advising the dental industry, Salman’s advice can be useful in all industries.
As additional legislation continues to be enacted, it is critical that companies implement privacy strategies and best practices to manage these ongoing challenges and to be in compliance with the existing and newly enacted legislation. Contact an RCM&D trusted advisor to help your organization understand the shifting risk environment and be a part of your team’s strategic approach to managing cyber risk.