Be Prepared for Regulatory Changes in the New Year

by Jan 4, 2021

It’s a pretty safe bet that most people are glad to welcome the end of 2020. The large-scale changes forced by the COVID-19 pandemic will reverberate through society for years to come. Unfortunately, there is no way to tell what new issues will demand our attention in 2021. Hopefully, they will be less intrusive and easier to handle.

If you work with sensitive or personal data, you can be reasonably certain that you will be subject to more regulation concerning its privacy than ever before. The focus on data privacy is intensifying in the wake of continued data breaches throughout the year. As the importance and value of corporate data assets increase, they become more attractive targets to hackers of all varieties.

Regulations on how personal and sensitive data needs to be protected are meant to reduce the number and impact of data breaches. From the perspective of an IT team attempting to safeguard their data, remaining compliant with regulatory guidelines requires their full attention. Compliance is a moving target as new laws are passed and existing standards evolve.

California’s CCPA Becomes the CPRA

California has taken a leadership role in instituting statewide data privacy regulations in the U.S. with the California Consumer Privacy Act (CCPA), which went into effect on January 1, 2020. The CCPA was based in part on the EU’s General Data Protection Regulation (GDPR) and gives consumers more control over how their data is collected and used. Recent events in California illustrate why companies need to be prepared to change how they treat their customers’ data.

The state’s residents have approved modifying the CCPA to strengthen how data privacy is implemented. The result is the California Privacy Rights Act (CPRA). This update to the state’s privacy guidelines includes the creation of a consumer privacy agency to address violations of the law. It makes substantial changes in the rights consumers have to delete data from enterprise databases and makes it easier for consumers to sue companies that expose their personal information in a breach.

The Possibility of a U.S. Federal Privacy Law

There is some degree of optimism surrounding the possibility that a nationwide data privacy law can be passed when the new Congress goes into action. The lack of a national policy regarding data privacy has led to many states implementing local standards, such as the aforementioned CCPA. Multiple privacy regulations are a compliance nightmare for companies engaging in interstate commerce. 

It is often hard to get the nation’s legislative bodies to agree regarding any kind of policy change. But it appears that the new Congress may be ready to address data privacy on the national level. Several reasons provide the incentive to do so.

  • Consensus between the nation’s political parties on the importance of a national privacy policy is growing. Members of both parties have previously put forth bills addressing data privacy, and the issues such as deletion and portability that prevented them from passing seem to be receding. Many of the new administration’s appointees are well-versed in the issue of data protection and can be counted on to champion any national initiatives.

  • International pressure is mounting on the U.S. as more nations pass privacy legislation. China, India, and Canada are among the countries either implementing or considering a national data privacy policy. The United States needs to get on board or risk being at a competitive disadvantage when conducting international business. 

  • Pressure from industry and state legislatures provides another impetus for national lawmakers to take action. Companies are concerned that they will be hindered in international trade by the lack of a comprehensive national privacy policy. As more states introduce local regulations, it is hoped that Congress will realize the benefit of a single policy to be used throughout the country.

Keeping Your SQL Servers Compliant

Keeping your SQL Servers compliant with regulatory guidelines can be challenging. Change, which is a constant in many aspects of an IT environment, can be especially impactful in the area of data privacy and compliance. Not implementing a new hardware or software offering can be detrimental to an organization’s productivity, but failure to comply with data privacy regulations can lead to large fines and a lack of consumer confidence. Noncompliance is no longer a viable option. 

There are no software applications that magically implement data privacy standards. Maintaining compliance requires individuals to be accountable for protecting data resources by using all the tools at their disposal. This means using tools that identify sensitive data assets so they can be protected, along with alerting that warns about unauthorized access to these resources.

SQL Compliance Manager addresses the complexity involved in keeping your SQL Server environment compliant with data privacy regulations. The tool is fully customizable and includes templates for auditing data resources to conform with guidelines such as HIPAA, SOX, and GDPR. Alerts can be generated for over 200 SQL Server event types and emailed directly to users or stored in an event log. Specific data and thresholds can be defined to track privileged user activity.

With SQL Compliance Manager, you will be able to protect your sensitive data resources and produce the types of reports that satisfy external auditors. Effective use of the tool will keep your SQL Server environment compliant with new and existing privacy regulations and protect the sensitive data on which your organization depends from being compromised.