Australian businesses urged to adapt to CCPA law
Australian companies should be aware of new privacy regulations introduced in the state of California that could have implications for their operations, according to ISACA.
The California Consumer Protection Act (CCPA), the first law of its kind in the US, is designed to protect Californian consumers and will require all organisations anywhere in the world to be compliant with it.
According to David Bowden, an ISACA Privacy Advisory Group member and Zwift VP of Information Security, Data Privacy, Compliance and IT, over 15,000 Californian residents are employed by Australian companies that span more than 83 different industries.
This means Australian organisations must carefully evaluate the new legislation, he said.
ISACA is recommending that organisations take steps to mitigate business impacts based around three key elements.
The first involves strong data classification supporting identification and location of consumer data. The second requires the adoption of a consistent private data methodology ensuring that third-party vendor handling of private data mirrors that of the entity. The third component is based around agile project management and solid change management programs.
“The expansive reach of the CCPA and scope of data it covers can make compliance feel daunting to many,” Bowden said. “Having a comprehensive audit program is an incredibly valuable tool for guiding through these intricacies, avoiding repercussions and assuring compliance.”
ISACA has developed a new CCPA Audit Program to address this need. The new program will help auditors evaluate the design and operating effectiveness of the organisation’s practices and ongoing management of CCPA compliance, while identifying any control weaknesses.