Search

From June 2018 (passed into law) to January 1, 2020 (effective date) to July 1, 2020 (enforcement), there are a few dates we’ll never forget when it comes to the California Consumer Privacy Act (CCPA). In just a few short months, there will be another date to add to that list – January 1, 2021. In October 2019, the California legislature passed Assembly Bill 25, an amendment that exempts employers from complying with certain CCPA requirements when it comes to the data of employees and job applicants. However, AB 25 sunsets at the end of this year, after which employee personal information will be granted the same rights and protections as consumer personal information as set forth by the CCPA. In the rush to comply with the CCPA this year, many businesses took advantage of this amendment and put these employee data requirements on the backburner. But January 1 will be here in no time. Keep reading to ensure your organization understands all the CCPA’s requirements for employee personal information and is prepared to comply before they go into effect in the new year.

Name of Employer: Focal Point Data Risk, LLC Position Title: Senior Consultant (Multiple Positions) Job Location: 201 E. Kennedy Blvd, Suite…

Companies have barely had time to catch their breath since the California Consumer Privacy Act (CCPA) took effect this year, and California is already looking to pass a second, possibly tougher law. Many considered the CCPA to be the strictest privacy law ever in the U.S., which may not be true soon. Instead, the California Privacy Rights Act (CPRA), often referred to as “CCPA 2.0,” could earn that title if passed in the November general elections. Backed by the Californians for Consumer Privacy (the group that first drafted the CCPA), the CPRA would amend the CCPA, creating new privacy obligations for organizations and significantly expanding the rights of consumers. If approved by voters this November, the CPRA would go into effect on January 1, 2023, but certain provisions like those pertaining to the collection of person information would go into effect immediately. Therefore, companies will once again need to update their privacy programs in order to comply with an even more rigorous set of data protection requirements. In this blog, we’ll take a closer look at the CPRA, how the law compares to the CCPA, and what your company can do now to prepare if it passes in November.

After rebuilding their Enterprise Resource Planning (ERP) solution, SAP launched S/4 HANA, its fourth-generation business suite to help businesses transform their digital needs. S/4 HANA is the successor to SAP ERP Control Center (ECC) and SAP R/3, delivering more advanced data compression technology, a simplified platform, and a more efficient memory solution. The S/4 HANA platform runs exclusively on the SAP HANA in-memory database architecture, where both on-premise and cloud-hosted implementations are supported. While many companies have started upgrading their corporate ERP systems to this next-generation solution, choosing the right implementation option for your company’s budget, needs, and team can be a challenge. Let’s take a closer look at the four different implementation approaches:

Aaron Stehsel is a Managing Director in Focal Point’s Risk Consulting practice and brings over 30 years of audit, consulting,…

Use cases for building a practical, strategic approach to identity governance within a healthcare organization

In our new white paper, our experts further explore the role of internal auditors in data privacy and practical ways the two teams can work together to mitigate risk.

Aaron Shanas, Director of Cyber Defense at Expedia Group, graciously sat down with Focal Point's Justin Avery to discuss his personal philosophy on cybersecurity workforce development, how he trains his employees, and why some certifications may be overrated.

In a highly anticipated ruling on July 16, 2020, the Court of Justice of the European Union (CJEU) announced the immediate invalidation of the Privacy Shield agreement between the European Union (EU) and the United States (U.S.). Privacy Shield was a trans-Atlantic mechanism that allowed U.S. companies to freely transfer the personal data of European citizens and residents outside of the EU. The CJEU in Luxembourg ruled that the agreement did not comply with European privacy rights and failed to protect the privacy of its citizens’ data. As a result, more than 5,300 certified U.S. companies are now forced to adapt their data transfer and privacy policies. Although the court ruled that other data transfer options like standard contractual clauses (SCCs) are still viable, the decision to invalidate Privacy Shield potentially jeopardizes the flow of data across borders and causes significant uncertainty as to what comes next for many companies. In this blog, we’ll take a closer look at the CJEU’s decision to nullify Privacy Shield and what organizations can do now to strengthen the flow of data across borders.