It’s been a tumultuous 2018 for data privacy and information security. New regulations here and abroad show that data privacy will continue to be a hot topic as we move into 2019.
We’re seeing the OCR’s investigations and penalties aren’t limited to large entities or to large breaches. Expect that will continue. Over 60 organizations reported breaches affecting fewer than 1000 individuals, reminding everyone that not all breaches make headlines. Some of them are small organizations in your own backyard.
Buyer Beware re CCPA Cool Tools
The California Consumer Protection Act (CCPA) has reaped much hoopla. And the sales push on the trade show floors shows it. At conferences nationwide, we’ve seen “solutions” for CCPA compliance. Yet the Act isn’t yet in its final codified form.
Our recommendation on CCPA: don’t put the cart before the horse. Spend the time between now and the CCPA’s 2020 date getting your data privacy and security house in order. Go back to basics and pay attention to how the law evolves before spending money – and implementation time – on a “cool tool” that ultimately, may not be what you need.
Not All Certifications are Created Equal
On that note of cool things, are you looking at how your vendors are certified? People will peddle that they’re certified in this or that, like saying “We’re ISO certified.” That’s great. But we can’t stress enough that not all ISO certifications mean the same thing. The ISO 27001 certification is the one that relates to information technology security standards. So if you have a potential vendor touting their certifications, do a quick online search to be sure that it’s the one(s) that matters to your business. Oh, and make sure the certifications are still active. Just because a vendor was certified once doesn’t mean they are still certified.
In fact, just because you’re in the healthcare business doesn’t mean you necessarily need to rush out and buy a regulatory-specific solution or need the certification that your competitor is getting. Examine what type of business you do, where you do it and who your customer is before making a financial and time commitment that may not be needed, or that may not be needed right now.
When it comes to you and your business, be strategic. And keep in mind that not all business strategies call for the same certification. We can help you figure out which certification makes the most sense for your organization (HITRUST, SOC 2 and ISO 27001 are the most commonly pursued).
Now that you have all the information that matters (ho, ho, ho!), kick back and let’s toast 2018 out and 2019 in! We wish you and yours a happy, healthy holiday season and a prosperous new year. Thanks for making 2018 such a great year and for trusting us to help you with your data privacy, security, compliance and certification preparations!