Best practices for compliance include a thorough information audit to establish what personal data it holds, what it is used for, where it came from, who it is shared with, and how it is stored and transferred. Once the types of data held and processes are established, the legal basis for carrying out data processing should be reviewed and documented. Data security remains an important issue under this regulation. Engage the appropriate experts to evaluate your exposure. The stakes are higher.
After completing an internal audit, organizations should consider engaging legal counsel to identify the specific impact to their business, including compliance, contract language and employee awareness.
An experienced cyber insurance broker plays a critical role as an advisor in this process, providing not only insurance services, but also enterprise-wide risk management guidance. When an incident occurs, cyber insurance responds including covering costs associated with managing an event for unauthorized disclosure of data or a data breach. The insurance pays regulatory fines, where insurable, and it helps you to connect with privacy counsel, forensic computer consultants and communications firms at short notice and preferred rates.
The benefits of mitigating your risk exposure are clear: avoiding fines and penalties and, most importantly, protecting California consumers’ personal information.