COVID-19 Aside, Data Protection Regulations March Ahead: What To Consider (Security News, August 2020)
Despite the pandemic, companies are obligated to comply with many laws governing data security and privacy, including the two most familiar to consumers - the European Union's General Data Protection Regulation and the California Consumer Privacy Act.
Like GDPR before it, CCPA makes data security and regulatory compliance more of a challenge and requires businesses to create a number of new processes to fully understand what data they have stored in their networks, who has access to it, and how to protect it.
The data and application security role has never been more vital, both to safeguard the organization as more data and applications move online and to handle data security regulatory compliance, an onus companies continue to carry despite the pandemic.
Where is personal data stored? Companies must scan their networks and servers to find any unknown databases, identify sensitive data using dictionary and pattern-matching methods, and pore through database content for sensitive information such as credit card numbers, email addresses, and system credentials.
Which data has been added or updated within the last 12 months? You need to monitor all user database access - on-premises or in the cloud - and retain all the audit logs so you can identify the user by role or account type, understand whether the data accessed was sensitive, and detect non-compliant access behaviors.
Are we pseudonymizing data? Data masking techniques substitute fictional data for sensitive data in non-production or DevOps environments, reducing the risk of sensitive data exposure.
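The discovery and masking steps described above can be sketched together. This is an added example, not code from the article: it combines a dictionary check on column names with pattern matching (plus a Luhn checksum to cut false positives on card numbers), then replaces flagged values with a keyed HMAC token. The column list, sample row, key, and the choice of HMAC as the substitute are all assumptions made for illustration.

```python
import hashlib
import hmac
import re
from typing import Optional

# Pattern matching: card-like digit runs and email addresses.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
# Dictionary method: column names that suggest credentials (constructed list).
CREDENTIAL_COLUMNS = {"password", "passwd", "secret", "api_key", "token"}
# Constructed sample record; the card number is a well-known test value.
SAMPLE_ROW = {"id": 7, "email": "alice@example.com",
              "note": "paid with 4111 1111 1111 1111",
              "order_ref": "1234567812345678", "api_key": "k-constructed-123"}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(column: str, value: str) -> Optional[str]:
    """Return the kind of sensitive data found, or None."""
    if column.lower() in CREDENTIAL_COLUMNS:
        return "credential"
    m = CARD_RE.search(value)
    if m and luhn_ok(re.sub(r"\D", "", m.group())):
        return "card"
    if EMAIL_RE.search(value):
        return "email"
    return None

def pseudonymize(value: str, key: bytes) -> str:
    """Deterministic keyed token: equal inputs map to equal tokens, so joins
    still work in the masked copy, but the key is needed to link them back."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

def mask_row(row: dict, key: bytes):
    """Return (masked copy of row, {column: kind}) for a non-production copy."""
    masked, findings = {}, {}
    for col, val in row.items():
        kind = classify(col, str(val))
        if kind:
            findings[col] = kind
        masked[col] = pseudonymize(str(val), key) if kind else val
    return masked, findings
```

The `findings` map doubles as an inventory of where sensitive data lives; the key must stay out of the non-production environment for the tokens to remain pseudonymous.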