The California Consumer Privacy Act is a landmark piece of consumer privacy legislation which passed into California law on June 28th of 2018. The bill is also known as AB 375. This Act is the strongest privacy legislation enacted in any state, giving more power to consumers with regards to their private data.
I sat down with my friends Dave Littman from Truth In IT and Steve Catanzano who works with us at Enterprise Strategy Group to discuss this new regulation.
These are some excerpts of our fist discussion on the topic, which you can find here.
CCPA is not really like GDPR in many ways, but it has a lot of similarities which really focus on the privacy and the ability for individuals to understand what data is actually owned by the various vendors and the various companies they deal with. So really this is about the extension of “natural rights” as a human being.
Now you have the right to your data, to know where it is, what it is, etc. The regulation is a landmark regulation in the U.S. We’re going to see a lot more in other states. It does inspire itself from GDPR. Like GDPR, the European privacy act, California Consumer Privacy Act may be the beginning of stricter U.S. consumer privacy protections.
CCPA is really about protecting the consumer. It gives them a lot more control over what data has been collected on them, what data is processed, what data is shared, and what data is sold. As a consumer I now have more rights to figure out where my data is and who has it, and some rights even have it altered or removed if I think it’s inappropriately being held by someone. And then on the other side of it is the corporate side, which is now being forced to make sure they have policies and procedures in place to make sure they’re treating data the way that they need to.
The regulation specifically calls for conspicuous annotations on webpages. And there are some interesting twists because in this case, it specifically puts parameters around the size of the business in how many customer or individual contacts it has. It’s also very, very wide in its description of what makes up the type of privacy or private data that could be affected.
If you think for a second about those larger organizations and how much data they actually have on individuals, the question is, do they know exactly what they have, where it is, and whether it’s protected in a way that makes sense for their organization, their own compliance, and for the CCPA compliance? They still have some very specific requirements around security, around access, etc. In the end, you’re going to see a lot of organizations scrambling to support it. And, of course you’ll get those emails; you’ll get the visible things on the websites. But that’s just the tip of the iceberg. The real story is about the data and where that data lives.
This is something that affects both your primary systems that you have in place and all these while there’s all your backup systems and your dev/ops systems. Tools like data masking are going to become more important for companies to make sure that internally, when they’re sharing data, teams aren’t seeing personal and confidential information from anyone who’s a customer of theirs. It’s really critical.
So data intelligence is something that’s really growing. This is forcing that issue a bit further for companies to really start thinking about what are our policies, what are our procedures, how we’re treating data and using it intelligently, etc. So it’s not just for this regulation, but it goes much broader than that. And the days of just storing data and terabytes of data and not ever really looking at the data and understanding what the value is are going away. You can now have the tools in place to really be intelligent about what they’re storing, how they’re storing, and how they’re protecting it. This pushes the issue a little further on personal privacy. It’s good for the industry overall.
To learn more, download my free Brief on the subject:
2019 was a year of contrasts for backup and recovery but also confirmed the great health and growth potential in this market. It is, however, at the cusp of a critical change, one that will see vendors pivot to expanded capabilities and new use cases. Those who don’t invest in these new capabilities (organically or through acquisitions) will enter a phase of slow decline, which may not be immediately evident but that will be hard to reverse. More on this in the predictions section.
Dreamforce 2019 just kicked off in San Francisco. What an event and a great boost to the local economy: lots of people, celebrity speakers, lots of vendors, and many locations around the Moscone Center to accommodate the many sessions and events. A forest theme was selected this year – a forest in the middle of the urban forest – with cute characters including a bear…the same bear I am going to poke in this blog entry.
HYCU just announced a set of new capabilities for its Google Cloud Platform service. In this latest release, the company is placing the focus on delivering further enhancements to its native enterprise-class capabilities in/for GCP. This is something other vendors should look at closely with a competitive eye. Here’s why: In combination, the enhancements to the service scream enterprise scalability. Remember that a service is a lot easier to quickly and constantly “upgrade” for a vendor versus a legacy approach, which makes HYCU very nimble.
Commvault GO is taking place this week in Denver and I am attending the event with a couple of ESG colleagues. 
It was time. Splunk was waiting for the next-generation, cloud-native application architectures to evolve to a point where it could pounce. And pounce Splunk did, scooping up SignalFx for $1.05 billion. This dwarfs previous acquisitions by Splunk over the last couple years, which acquired security automation and orchestration platform Phantom for $350 million, and DevOps incident management VictorOps for $120 million.