I wish the CA AG a lot of luck; however, her approach is very questionable when you think about downstream access and feed type scenarios. Example, Business in Boston MA has an agreement with a cloud host company in CA, and Boston also has data that it pulls in from Italy, DE, etc. plus has a service that it offers to all of users and partners in the US and Europe that is hosted in CA.
How is the CA AG going to impose a policy on Boston? It can’t; in fact the business in Boston will change providers and choose to use someone in another state that will not impact their costs and business.
BTW — I didn’t even mention the whole recent announcement from China on deploying out a fully Quantum “secured” infrastructure. If this is true; everyone is exposed and this means there is no way companies can be held accountable because US didn’t have access to the more advance Quantum infrastructure technology.
Feb. 17 — California Attorney General Kamala Harris (D) has released the state’s data breach report, laying out the legal and ethical responsibilities of businesses to keep information safe and perhaps most importantly outlining what the state believes is “reasonable security” that companies must employ to avoid possible enforcement actions.
Under the state’s information security statute, businesses must use “reasonable security procedures and practices” that “protect personal information from unauthorized access, destruction, use, modification, or disclosure,” the report said.
Under the guidelines in the report released Feb. 16, failing to implement all 20 of the Center for Internet Security’s Critical Security Controls that apply to an organization’s environment constitutes a lack of reasonable security. The controls define a minimum level of information security all organizations that collect or maintain personal information should meet.
Comments are closed.