
Upcoming Cybersecurity Regulations in 2023 SMBs Should Know About


The impact of cybersecurity incidents on organizations and those who depend on them has become impossible to ignore. After decades characterized by a laissez-faire approach to cybersecurity regulation, regulators are finally saying that enough is enough.

In 2023, multiple new cybersecurity regulations will go into effect, requiring organizations to implement specific measures to protect themselves, their data, and their customers from cybersecurity incidents and their fallout. Let’s take a closer look at those:

Cybersecurity Regulations All SMBs Should Be Aware of:

American Data Privacy and Protection Act (ADPPA)

Introduced in June 2022, the American Data Privacy and Protection Act (ADPPA) is a proposed federal online privacy bill whose goal is to create national standards for the protection of personal information by organizations. The ADPPA shares many similarities with the EU’s GDPR, including the principles of data minimization, individual ownership, and private right of action.

The ADPPA is the first federal online privacy bill to pass committee, thanks to its bipartisan support. While it’s unlikely that the bill will go into effect in 2023 because it still has to pass the House before proceeding to the Senate, its mere existence is already shaping the future of the cybersecurity compliance landscape.

California Privacy Rights Act (CPRA)

California made history in 2018 when it signed into law the California Consumer Privacy Act (CCPA), the first data protection law in the United States, giving Californians new privacy rights and creating obligations for for-profit entities doing business in California.

The California Privacy Rights Act (CPRA), also known as Proposition 24, will go into effect on January 1st, 2023, substantially expanding the privacy rights and obligations introduced by the CCPA. More specifically, the CPRA gives California residents the right to correct inaccurate personal information and the right to limit the use and disclosure of sensitive personal information.

Colorado Privacy Act (CPA)

The Colorado Privacy Act (CPA) is one of several CCPA-inspired cybersecurity regulations that will go into effect in 2023, after being signed into law on July 8th, 2021. The bill applies to legal entities conducting business in Colorado or delivering products or services to Colorado residents.

The CPA gives Colorado residents a whole host of new data protection rights, including the right to confirm if personal data is being processed by a controller, the right to have personal data deleted by the controller, and the right to opt out of the processing of personal data for advertising purposes.

Connecticut Data Privacy Act (CTDPA)

From July 1st, 2023, Connecticut-based organizations and organizations that produce products or services targeted to Connecticut residents will have to comply with new comprehensive consumer privacy legislation, called the Connecticut Data Privacy Act (CTDPA).

The CTDPA gives Connecticut consumers many of the same rights Colorado consumers will enjoy thanks to the CPA, such as the right to access personal data, the right to correct personal data, the right to delete personal data, and the right to opt out of data processing.

Cybersecurity Maturity Model Certification (CMMC)

The Cybersecurity Maturity Model Certification (CMMC) is intended to strengthen the cybersecurity posture of the Defense Industrial Base (DIB), namely Department of Defense (DoD) contractors and subcontractors that handle Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).

The CMMC was first announced in June 2019 and has since reached version 2.0, which specifies three cybersecurity maturity levels. Each level builds upon the previous one by adding cybersecurity practices and processes that organizations must implement in order to achieve compliance. The CMMC is expected to start appearing in DoD contracts by May 2023.

Utah Consumer Privacy Act (UCPA)

The Utah Consumer Privacy Act (UCPA) bears a lot of resemblance to other state-level cybersecurity regulations we’ve already described in this article. The biggest difference is that the UCPA includes multiple threshold requirements that determine which organizations it applies to.

For example, organizations with annual revenue of less than $25,000,000 are not subject to the UCPA, so most small businesses won’t be burdened by the legislation and its fines of up to $7,500 per violation. The UCPA will take effect on December 31st, 2023.

Virginia Consumer Data Protection Act (VCDPA)

On March 2nd, 2021, Virginia became the second state after California to enact comprehensive consumer privacy legislation, the Virginia Consumer Data Protection Act (VCDPA). The VCDPA will go into effect on January 1st, 2023, and it will give consumers new rights to access and manage their personal data.

Just like the UCPA, the VCDPA imposes fines of up to $7,500 per violation, whose enforcement will be up to the state attorney general. The biggest difference between the UCPA and the VCDPA is that only the former legislation includes annual revenue as a threshold requirement that organizations must satisfy to fall within the statute’s scope.

Ace Cybersecurity Regulations in 2023!

As you can see, the cybersecurity compliance landscape is changing rapidly, becoming more complex and harder to navigate. To avoid getting lost in it, organizations need to be proactive, instead of passively waiting for rules to be written and enforced. That means they should:

Sounds like a lot of work? It doesn’t have to be! At TechGen, we can help you ace cybersecurity compliance in 2023 so that you can thrive in the rapidly evolving regulatory ecosystem. Get in touch with us to jump-start your compliance journey.
