Failure to follow Data Privacy Compliance requirements can be costly

Failure to follow Data Privacy Compliance requirements can be costly. How can you prepare your business?

GDPR, CCPA and the newly coming CPRA (which goes into effect 1/1/2023) require intense data management, or the cost of non-compliance can rise to $1000 per record. These data privacy laws pertain broadly to personal information of consumers including:

  • Account and login information
  • GPS and other location data
  • Social security numbers
  • Health information
  • Drivers license and passport information
  • Genetic and biometric data
  • Mail, email, and text message content
  • Personal communications
  • Financial account information
  • Browsing history, search history, or online behavior
  • Information about race, ethnicity, religion, union membership, sex life, or sexual orientation

CPRA requires businesses to inform consumers how long they will retain data (for each category of data) and the criteria used to determine that time period of what is “reasonably necessary.” Basically, you have to be prepared to justify the data collection, processing, and retention and tie it directly to a legitimate business purpose.

Now prohibited is “sharing” data (beyond buying and selling it), which is defined as: sharing, renting, releasing, disclosing, disseminating, making available, transferring or otherwise communicating orally, in writing, or by electronic of other means, a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for the benefit of a business in which no money is exchanged. Arguably, this covers a business working with a marketing firm and sharing data with the agency about leads or prospects to employ cross-content behavioral advertising in a campaign.

Companies now need to be able to inform the consumer what type of data they have about customers, what business purposes it is used for, and retention periods. This information allows them to meet the expanded consumer rights given by the CPRA, including deleting data, limiting types of use for certain types of data, correcting data errors across the organization in every location where it lives, automating and executing data retention policies, and to be ready for auditing. While it is an ethical ruleset that has now been put in place, with Data Privacy Compliance active, companies now have to consider possible non-compliance costs in addition to operational and opportunity costs as well.

As a result of these requirements, companies are now in need of a data management system with built-in data governance to stay in compliance. These data management platforms must be capable of identifying, on a data field-by-data-field basis, where the data originates, each and every change made to the data, and each downstream user of the data (databases, apps, analytics, queries, extracts, dashboards). Without automated data management and governance, it will be humanly impossible to manually find this information by the deadlines required. You need to be able to automatically replicate changes made to the data to all locations where the data resides throughout your organization to make consumer directed corrections and deletions within the time limits prescribed.


Cybersecurity Drives Insurance Crack Down

Article

Cybersecurity Drives Insurance Crack Down: Be Prepared to Document Your Security Posture

A common question for cyber insurance brokers in the last few years has been “If I implement this cyber security control, will I get a discount on my insurance premium?” The answer has been typically “no.” But these days, the answer has changed to “no, you won’t get a premium discount. And if you don’t implement that security control, you might not even get insurance.”

Cybersecurity Drives Insurance Crack Down
Fill out the form below to receive the article.

Aunalytics is a data platform company. We deliver insights as a service to answer your most important IT and business questions.

Get Started

How Cybersecurity Mitigation Efforts Affect Insurance Premiums

How Cybersecurity Mitigation Efforts Affect Insurance Premiums, and How to Keep Your Business Secure

Cyberattacks have increased sharply over the past year. According to an August 2021 survey by IDC, more than one-third of organizations globally have experienced a ransomware attack or breach that blocked access to systems or data over the last twelve months. As a result, insurance companies are tightening eligibility requirements for cybersecurity coverage and requiring their insured to maintain higher standards of data security in order to qualify for better rates, and sometimes for renewal at all. Rates are increasing—up to 100%—for 2022, even for companies without any cyber incidents.

If you have received a renewal notice with a shocking sticker price for 2022, it is time to review your internal controls and security to learn if you can put in place further data protection to lower your rate. Worse, if you have received a notice that your business insurance policies are now excluding cyber coverage, data theft, or privacy breaches, you may be forced to shop for new cyber coverage at a time when attacks are at an all-time high. Without adequate security controls, obtaining coverage may be impossible. Due to the high cost of data breach incidents, you need to make sure that you are eligible for cyber coverage, but what does it take for 2022?

Aunalytics compliance and security experts are ready to help. We provide Advanced Security and Advanced Compliance managed services including auditing your practices, and helping you to mature your business cybersecurity processes, technology and safeguards to meet the latest standards and prevent new cyberattack threats as they emerge. Security maturity is a journey, and best practices have changed dramatically over the years. Threats evolve over time and so too must your cyber protection for your business to remain compliant and operational.


Does your cybersecurity meet 2022 insurance renewal standards?

Does Your Cybersecurity Meet 2022 Insurance Renewal Standards?

Article

Does Your Cybersecurity Meet 2022 Insurance Renewal Standards?

Given the increasing volume of cyberattacks over the past year, underwriters are tightening eligibility requirements for cybersecurity coverage. Learn how to put in place the necessary security controls to safeguard your business and secure insurance coverage.

Cybersecurity for 2022 Insurance Renewals
Fill out the form below to receive the article.

Aunalytics is a data platform company. We deliver insights as a service to answer your most important IT and business questions.

Get Started

Financial institution is hit by a ransomware attack

Think your financial institution is immune to ransomware? Think again.

Many organizations in the financial services sector don’t expect to be hit by ransomware. In the recent State of Ransomware in Financial Services 2021 survey by Sophos, 119 financial services respondents indicated that their organizations were not hit by any ransomware attacks in the past year, and they do not expect to be hit by them in the future either.

The respondents mentioned that their confidence relied on the following beliefs:

  • They are not targets for ransomware
  • They possess cybersecurity insurance against ransomware
  • They have air-gapped backups to restore any lost data
  • They work with specialist cybersecurity companies which run full Security Operations Centers (SOC)
  • They have anti-ransomware technology in place
  • They have trained IT security staff who can hinder ransomware attacks

It’s not all good news. Some results are cause for concern. Many financial services respondents that don’t expect to be hit (61%) are putting their faith in approaches that don’t offer any protection from ransomware.

  • 41% cited cybersecurity insurance against ransomware. Insurance helps cover the cost of dealing with an attack, but doesn’t stop the attack itself.
  • 42% cited air-gapped backups. While backups are valuable tools for restoring data post attack, they don’t stop you getting hit.

While many organizations believe they have the correct safeguards in place to mitigate ransomware attacks, 11% believe that they are not a target of ransomware at all. Sadly, this is not true. No organization is safe. So, what are financial institutions to do?

While advanced and automated technologies are essential elements of an effective anti-ransomware defense, stopping hands-on attackers also requires human monitoring and intervention by skilled professionals. Whether in-house staff or outsourced pros, human experts are uniquely able to identify some of the tell-tale signs that ransomware attackers have you in their sights. It is strongly recommended that all organizations build up their human expertise in the face of the ongoing ransomware threat.


Man's hand typing on a computer

Meeting the Challenges of Digital Transformation and Data Governance

Man's hand typing on a computerThe Data Accuracy market (traditionally defined in terms of Data Quality and Master Data Management) is currently undergoing a paradigm shift from complex, monolithic, on-premise solutions to nimble, lightweight, cloud-first solutions. As the production of data accelerates, the costs associated with maintaining bad data will grow exponentially and companies will no longer have the luxury of putting data quality concerns on the shelf to be dealt with “tomorrow.”

To meet these challenges, companies will be tempted to turn to traditional Data Quality (DQ) and Master Data Management (MDM) solutions for help. However, it is now clear that traditional solutions have not made good on the promise of helping organizations achieve their data quality goals. In 2017, the Harvard Business Review reported that only 3 percent of companies’ data currently meets basic data quality standards even though traditional solutions have been on the market for well over a decade.1

The failure of traditional solutions to help organizations meet these challenges is due to at least two factors. First, traditional solutions typically require exorbitant quantities of time, money, and human resources to implement. Traditional installations can take months or years, and often require prolonged interaction with the IT department. Extensive infrastructure changes need to be made and substantial amounts of custom code need to be written just to get the system up and running. As a result, only a small subset of the company’s systems may be selected for participation in the data quality efforts, making it nearly impossible to demonstrate progress against data quality goals.

Second, traditional solutions struggle to interact with big data, which is an exponentially growing source of low-quality data within modern organizations. This is because traditional systems typically require source data to be organized into relational schemas and to be formatted under traditional data types, whereas most big data is either semi-structured or unstructured in format. Furthermore, these solutions can only connect to data at rest, which ensures that they cannot interact with data streaming directly out of IoT devices, edge services or click logs.

Yet, demand for data quality grows. Gartner predicts that by 2023, intercloud and hybrid environments will realign from primarily managing data stores to integration. 

Therefore, a new generation of cloud-native Data Accuracy solutions is needed to meet the challenges of digital transformation and modern data governance. These solutions must be capable of ingesting massive quantities of real-time, semi-structured or unstructured data, and be capable of processing that data both in-place and in-motion.2 These solutions must also be easy for companies to install, configure and use, so that ROI can be demonstrated quickly. As such, the Data Accuracy market will be won by vendors who can empower business users with point- and-click installations, best-in-class usability and exceptional scalability, while also enabling companies to capitalize on emerging trends in big data, IoT and machine learning.

1. Tadhg Nagle, Thomas C. Redman, David Sammon (2017). Only 3% of Companies’ Data Meets Basic Data Quality Standards. Retrieved from https://hbr.org/2017/09/only-3-of-companiesdata-meets-basic-quality-standards

2. Michael Ger, Richard Dobson (2018). Digital Transformation and the New Data Quality Imperative. Retrieved from https://2xbbhjxc6wk3v21p62t8n4d4-wpengine.netdna-ssl.com/wpcontent/uploads/2018/08/Digital-Transformation.pdf