MSPs: Brace your Customers for the Tidal Wave of Data Privacy Compliance
Ignorance is not bliss. Data privacy isn’t a new issue, but things have been fairly quiet on the new law front until this year. 2018 has been a big year for new data privacy laws and is likely the start of a new trend for years to come. Prior to 2018, we saw industry-specific laws like the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Gramm-Leach-Bliley Act of 1999 (GLBA) enacted. Earlier this year, the EU General Data Protection Regulation (GDPR) began to affect American businesses. We have also seen new laws from individual states, like the California Consumer Privacy Act, the Colorado Protections for Consumer Data Privacy Act, and the Vermont Data Broker Law. Staying ignorant of the changing laws can be costly to businesses and damaging to your customers.
Data protection laws prohibit the disclosure or misuse of information about individuals. Over 80 countries have adopted comprehensive data protection laws. The United States has not adopted a comprehensive information privacy law, but has adopted laws in some areas.
Your customers have a lot of ground to cover when it comes to the protection of their businesses and ensuring they’re compliant. Businesses of all sizes–small businesses and enterprises alike–must confront a large scope of cybersecurity threats and maintain regulatory compliance with data privacy laws. Do your customers have the right policies and procedures in place to ensure they are compliant? Their business is more vulnerable than they think, and they need your help.
The statistics above are staggering. Perfect protection is not practical. So, without effective monitoring, detection, and incident response to defend from cyber attacks, malware, ransomware, insiders and outsiders, others’ data can be put at risk.
Why should you care if others’ personal information is at risk? Penalties for non-compliance with data privacy laws are significant–so significant, in fact, that they have the potential to put your customers out of business and hinder your revenue.
Let’s look at GDPR as an example. Small violations can mean fines of approximately $12 million, or 2% of annual worldwide revenue, whichever is larger. Larger violations will see fines over $23 million, or 4% of annual worldwide revenue, whichever is a larger amount. In addition to these considerable fines, individuals can bring claims for breaches and for situations where their personal data was put at risk.
GDPR is not the only data privacy law that can result in hefty non-compliance fines. It is crucial that you are helping your customers be both compliant and secure. Keep in mind that compliance does not equal security. Compliance may pave the path to an appropriate level of security, but you should not conflate the two.
How can you ensure your customers are both compliant and secure? Help them understand that their business’s data is an asset, and that it’s important to know its value, location and movement. It is recommended they establish and adhere to a governance framework designed for their industry. In addition, perform regular security evaluations, risk assessments and awareness training for employees.
Approaching compliance and security for your customers is no small feat. Determine what you can help your customers with and find a trusted partner to augment your capabilities. Co-managed Security Information and Event Management (SIEM) is a very effective way to keep you and your customers above water in the tidal wave of data privacy. EventTracker SIEM enables you to be audit ready with over 20 compliance frameworks, including PCI DSS, HIPAA, GLBA, and GDPR. By combining a powerful SIEM platform and a 24/7 SOC (Security Operations Center) in one managed service, MSPs are empowered to manage compliance, strengthen security defenses, and respond effectively to threats.
The EventTracker partner program is a compliance and security game changer. Contact us to learn more about the partner program benefits and our full suite of connectivity, security and compliance solutions–from the endpoint to the edge.
Sources: Forbes, Spiceworks, Wikipedia, AT&T Market Pulse: Global State of Cybersecurity, Symantec Internet Security Threat Report
This guest blog is part of a Channel Futures sponsorship.