The impact of cybersecurity incidents on organizations and those who depend on them has become impossible to ignore. After decades characterized by a laissez-faire approach to cybersecurity regulation, regulators are finally saying that enough is enough.
In 2023, multiple new cybersecurity regulations will go into effect, requiring organizations to implement specific measures to protect themselves, their data, and their customers from cybersecurity incidents and their fallout. Let’s take a closer look at those:
Cybersecurity Regulations All SMBs Should Be Aware of:
The ADPPA is the first federal online privacy bill to pass committee, thanks to its bipartisan support. While it’s unlikely that the bill will go into effect in 2023 because it still has to pass the House before proceeding to the Senate, its mere existence is already shaping the future of the cybersecurity compliance landscape.
The California Privacy Rights Act (CPRA), also known as Proposition 24, will go into effect on January 1st, 2023, substantially expanding the privacy rights and obligations introduced by the CCPA. More specifically, the CPRA gives California residents the right to correct inaccurate personal information and the right to limit the use and disclosure of sensitive personal information.
The CPA gives Colorado residents a whole host of new data protection rights, including the right to confirm if personal data is being processed by a controller, the right to have personal data deleted by the controller, and the right to opt out of the processing of personal data for advertising purposes.
The CTDPA gives Connecticut consumers many of the same rights Colorado consumers will enjoy thanks to the CPA, such as the right to access personal data, the right to correct personal data, the right to delete personal data, and the right to opt out of data processing.
The CMMC was first announced in June 2019 and has since reached version 2.0, which specifies three cybersecurity maturity levels. Each level builds upon the previous one by adding cybersecurity practices and processes that organizations must implement to achieve compliance. The CMMC is expected to start appearing in DoD contracts by May 2023.
For example, organizations with annual revenue of less than $25,000,000 are not subject to the UCPA, so most small businesses won’t be burdened by the legislation and its fines of up to $7,500 per violation. The UCPA will take effect on December 31st, 2023.
Just like the UCPA, the VCDPA imposes fines of up to $7,500 per violation, whose enforcement will be up to the state attorney general. The biggest difference between the UCPA and the VCDPA is that only the former legislation includes annual revenue as a threshold requirement that organizations must satisfy to fall within the statute’s scope.
Ace Cybersecurity Regulations in 2023!
As you can see, the cybersecurity compliance landscape is changing rapidly, becoming more complex and harder to navigate. To avoid getting lost in it, organizations need to be proactive, instead of passively waiting for rules to be written and enforced. That means they should:
Sounds like a lot of work? It doesn’t have to be! At TechGen, we can help you ace cybersecurity compliance in 2023 so that you can thrive in the rapidly evolving regulatory ecosystem. Get in touch with us to jump-start your compliance journey.