9 CCPA questions every CISO should be prepared to answer

Executive management anxiety over the California Consumer Privacy Act will rise as the enforcement deadline looms. Security managers will need to know the answers to these questions.

Page 2 of 2

Plus, there are businesses — especially in the B2B space — where compliance is going to be a mandatory requirement for future contracts. "This depends on the type of business you have," says Williams, "but there are going to be some customers that are very sensitive about user data and will make choices about a particular vendor or supplier based on what they're doing to protect and secure their data."

If you're in the business of processing sensitive data, then compliance failures could cause problems for customers. "So those customers are going to be very concerned that you are complying with the law," Williams says. Some clients have already switched vendors, or are rethinking their vendor agreements, because of CCPA compliance.

9. Is this the end of it, or are more privacy laws on their way?

This is not the end of it: other laws are already on the way. "I would expect many other states to take action after a period of wait and see to determine the impact of CCPA," says Steve Durbin, managing director at Information Security Forum, a London-based industry group. Companies need to prepare for a hodge-podge of laws, much like the different data breach notification laws that exist in every state.

"There is a very real need for a federal law to avoid states introducing their own variations and interpretation," Durbin says. "However, we are still nowhere near a consistent approach to privacy and personal information usage in the United States and I do not anticipate this changing with a federal regulation any time soon."

Copyright © 2020 IDG Communications, Inc.
