Enterprise Strategy Group Report Highlights Encryption as Best Method for Compliance with Privacy Regulations such as CCPA and GDPR
March 2020 by Enterprise Strategy Group (ESG)
Enterprise Strategy Group (ESG) – an IT analyst, research, validation and strategy firm – and Fortanix® Inc., the Runtime Encryption® company, today announced results of the ESG industry report focused on compliance guidelines for the California Consumer Privacy Act (CCPA), the California law protecting consumers from mismanagement of their personal data by companies doing business in California that went into effect Jan. 1. The report highlights that encryption provides the best defense against any fines that might be levied for violations or data breaches under CCPA.
The report also reveals that CCPA applies data breach sanctions only if companies fail to protect personal data with encryption or redaction. If personal information is protected with appropriate data security measures, it cannot be used by unauthorized parties, so consumers are left unharmed. Encrypted data that is stolen remains unintelligible, protecting the identity and personal information of its owner and mitigating risk for the business.
“Encryption is a security strategy that will protect sensitive data such as the personal information covered by CCPA,” wrote Christophe Bertrand, ESG senior analyst. “It protects an organization from scenarios like a devastating breach where hackers gain access to systems containing personal data. It is important to implement encryption throughout the data lifecycle, including while data is at rest in a storage layer, while it is in transit over networks, and while it is in use by applications in the memory of the operating system.”
“Also, consider that personal customer data should be encrypted whether it exists in public cloud storage, in software-as-a-service (SaaS) applications such as CRM, or throughout your supply chain, in addition to your internal data center systems,” Bertrand continued in the report. “Organizations need to implement advanced data classification, data anonymization, data masking, encryption, security, and access controls in order to set themselves up for successful compliance. ESG believes that many organizations are only ready on the surface – with marketing opt-in/out processes, for example.”
The California Consumer Privacy Act is landmark consumer privacy legislation. Often compared to GDPR, CCPA protects consumers from mismanagement of their personal data and gives them control over what data is collected, processed, shared, or sold by companies doing business in California. This act is the strongest privacy legislation enacted in any state, giving more power to consumers with regard to their private data. With many experts predicting that other states will pass similar legislation in the coming years, companies across the US that take proactive steps today to better protect consumer data will be best equipped for future regulations.
“With the increase in regulatory penalties and devastating data breaches we have seen, protecting the privacy of customer data is a strategic imperative for business,” said Ambuj Kumar, CEO of Fortanix. “The most reliable and efficient method of both protecting customer data and avoiding regulatory penalties is to encrypt all customer data throughout its lifecycle – while at rest, in motion, and while in use by applications.”
The “California Consumer Privacy Act (CCPA) Compliance Guide” is an update to an ESG industry report published last year. The update was commissioned by Fortanix to include new information and findings in the report after the law went into effect.