In the coming months, data protection laws will continue to evolve and strengthen, requiring organizations to refine their data protection policies and demonstrate how they safeguard customers’ information. As part of the changing mandates, cybersecurity frameworks will also refine customer data retention regulations.
Understanding the ongoing changes to data privacy regulations is challenging enough for chief information security officers (CISOs) and their teams. Implementing the needed changes as they occur only adds complexity and confusion. This article explores changes to consumer privacy regulations and describes ways companies can streamline their compliance efforts.
This year, the US Department of Defense is expected to enhance its national cybersecurity standard for all contractors working with the federal supply chain and handling controlled unclassified information (CUI), and to mandate Cybersecurity Maturity Model Certification (CMMC) program requirements. While this mandate does not directly affect many enterprises, the ruling will certainly affect other organizations that conduct indirect business with the federal supply chain, as well as those in the private market, requiring them to meet changing data protection laws that are pivotal to businesses’ daily operations.
Additionally, the California Consumer Privacy Act (CCPA), one of the country’s more stringent consumer privacy laws, will introduce enhanced rights for individuals wishing to change their personal data or opt out of marketing and third-party communications — an important consideration given the many recent third-party data breaches. Businesses must therefore establish more rigorous policies and processes to protect their systems and the critical data stored on them, and