WATCH Privacy Regulations – GDPR and CCPA – Day 24 of Cybersecurity Awareness Month
Shelly Miller 00:06
Data privacy is on many people’s minds now that it’s Cybersecurity Awareness Month. Personally, I’m concerned about how much data I have online and the implications for my privacy. But should businesses be taking data privacy more seriously? And what are some steps they should take? With us today is Craig Taylor, CEO and co-founder of CyberHoot, an online Cybersecurity Awareness platform that helps MSPs and small businesses build their cybersecurity programs quickly and effectively. For Craig, what do business owners and MSPs need to do about data privacy?
Craig Taylor 00:36
It’s a great question, and it’s a very timely topic. The first thing I would... I’m going to go through about five different steps that MSPs and SMBs need to do for their businesses to comply with data privacy regulations today. But know this: there’s a lot, and we’ll get into this, there’s a lot of change coming with additional states publishing their own data privacy regulations.
So this is very much in flux. But for today, and for right now, the very first step I would take is to identify for yourself what private data you collect. Another word for private data is nonpublic personal information. And it’s usually the combination of a name with something else: a full name with an address, or a full name with a credit card, or a full name with a date of birth or social security number.
Those are all parts of the California and most other legislation. When you... Yes, I see now we brought up the slide. If you look at this slide, you’re going to see that there are a number of states that have passed legislation: three. And there are so many more that have it in committee, which means it’s almost ready to be passed.
The final thing is a very important one: you need to build an authentication process for these data privacy requests before you get one. Make sure that that process takes in as many factors as possible. If you happen to collect a phone number or mobile device for an individual alongside their name and their email address, you’re golden, because you can do multi-factor authentication of an individual making a privacy request. You can email them or check their email. You can also send them a text message with a one-time code to validate their identity; that can be part of your authentication. Because, quite frankly, these privacy legislations can themselves lead to data breaches, where people request data under data privacy and they’re not supposed to; it could be a hacker trying to game the system.
Shelly Miller 04:41
Okay, so you seem to be implying that data privacy requests could come from hackers or the wrong person.
Craig Taylor 04:47
Shelly Miller 05:34
Craig Taylor 05:48
Well, that’s an interesting point. I guess data privacy applies to businesses, but it also applies to individuals. So I’ll give you three tips for individuals worried about their private data. You started by saying, Shelly, you are worried about your own private data on the internet. And that’s where I always recommend folks limit what they post on social media and to whom. Don’t accept all these friend requests from people you don’t know directly. Even an acquaintance you might not want to friend, because you don’t know what their motivation is for befriending you.
You just want to keep that limit, limit the number of people that you accept friend requests on social media from, and limit what you post. And then when you do have to give out sensitive data to a company or a business, such as a social security number, ask how they handle that data, and be adamant that you want not to give, like, a social security number.
It’s a habit for some companies to request that when they don’t really need it. So challenge them and say, “Do you absolutely have to have this?” A lot of the mobile carriers and the internet service providers used to just collect it as default. I’ve long since said, “No, I’m not giving it to you.” And they go, “By now we have a special process for people that refuse to give us that.”
And that’s fine, you’re limiting the exposure of your sensitive and personal data. So in conclusion, whether you’re an MSP, an SMB, or an individual, you need to understand how to protect and accommodate private data, nonpublic personal information, both personally, as we’ve just discussed, and professionally as a business. And in so doing, you’re really helping yourself become aware of your obligations, and therefore you’re going to be more secure with your data and your business.
Mike Miller 07:27
So that’s why we need to become more aware to become more secure.
Craig Taylor 07:32