Data Security - More of a Legal issue than Tech
Lawyers have to add one more item to their checklist when they advise their clients - "Data Security"
With GDPR in full force and axing companies like google for mishandling users data in Europe, California is also gearing up with its CCPA. In California Data Breach Report, the then-California Attorney General Kamala Harris stated, "if companies collect consumers' personal data, they have a duty to secure it. An organization cannot protect people's privacy without being able to secure their data from unauthorized access."
I believe that implementing reasonable security standards can save the businesses in the end until there is more clarity on the standards of data security and implementation. The International Association of Privacy Professionals (IAPP) found that CCPA will apply to more than 500,000 U.S. companies, the vast majority of which are small and medium-sized enterprises. CCPA takes effect on January 1, 2020, with a look back provision of 12 months.
The dynamics are changed, data security is no more a job of software engineers, it has become more compliance-oriented than technology not to miss the heavy penalties and loss of reputation associated with such issues.