What We Do
How we do it
Resources
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Mar 20, 2023
Exertis and eSentire Partner to Deliver 24/7 Multi-Signal MDR, Digital Forensics & IR Services and Exposure Management to Organisations Across the UK, Ireland, and Europe
Basingstoke, UK– 20 March, 2023. Leading technology distributor, Exertis, announced today that it has bolstered its cybersecurity services, adding eSentire, the Authority in Managed Detection and Response (MDR), to its Enterprise portfolio of offerings. eSentire’s award-winning, 24/7 multi-signal MDR, Digital Forensics & Incident Response (IR), and Exposure Management services will be available…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Jan 23, 2020

What You Need to Know about the California Consumer Privacy Act

3 minutes read
Speak With A Security Expert Now

Originally posted in Best Manufacturing Practices January 16, 2020

On the heels of the European Union’s General Data Protection Regulation (GDPR) and the revelation that Facebook and other social media platforms were selling their data, consumers began to demand stronger data privacy protection. However, the U.S. constitution contains no express right to privacy. It’s typically left up to the civil court system to decide on such matters as governed by state law or precedent. When data privacy legislation called the California Consumer Protection Act (CCPA) was introduced last year, it was passed within weeks of its introduction.

The CCPA’s quick passage was widely seen as a compromise with online companies that were eager to prevent a tougher citizen proposal from going onto the ballot. The legislation, which went into effect Jan. 1, grants consumers new rights with respect to the collection of their personal information. The CCPA represents the first legislation of its kind to pass in the U.S., but it’s certainly not the last. In 2019, more than 20 states considered data privacy legislation. California will be an acid test to watch as the legislation takes effect.

Due to its focus on consumer privacy, the CCPA mandates full disclosure from companies regarding the collection of personal information — everything from what details they are keeping to what sources that information is coming from and why they are collecting it.

Under CCPA, California citizens have the right to opt out of having their data/ information sold. Users and customers must be notified from the get-go about their information. They have to acknowledge that their information is being collected, but they can choose not to allow those companies to sell their information to other companies. CCPA goes one step beyond GDPR to not only define privacy rights but to expose the economic value of consumer data.

The “right to be deleted” is another CCPA assurance for consumers, akin to GDPR’s right to be forgotten. Companies aren’t allowed to retaliate against those customers who opt out of allowing their information to be sold by charging them higher fees or rates.

The Logistics of CCPA Compliance

Every department must understand CCPA’s requirements, so manufacturers need to set up some training if they haven’t already. Companies that fall within CCPA’s jurisdiction will need to map all of the information they collect. And for many, they’ll find that certain departments have no understanding of the implications that arise from the information they regularly gather.

As a real-world example, consider that the marketing department most likely stores sales information about customers and prospects in a customer relationship management (CRM) tool to create stronger buying personas. However, marketers are likely unaware that CCPA requires documentation of where that data came from and why it is being used. And in a situation like this, pleading ignorance is no longer a viable defense.

This data is valuable to your company, and that means it is also valuable to others. One of the major aspects of CCPA is that companies must declare the value of the data they are collecting — so if a company plans to sell that data, it must declare its resale value.

Manufacturers must also justify why they possess customer data and to fully map where the information goes, including across their supply chain.

Manufacturers are also responsible for keeping this data safe, which couldchange how vendors are chosen. Organizations will need to analyze the risks that are associated with that vendor by conducting due diligence and then establish controls. They will have to put monitoring in place to ensure their vendors are in compliance with those data controls.

Yes, such laws require new processes and sometimes new people, but it doesn’t herald the death of manufacturers with California customers. Instead, companies can use this mandate to re-examine their partners, supply chain and data collection and storage purposes and methods. This, in turn, has the knock-on effect of stronger data security and greater consumer confidence.

View Most Recent Blogs
eSentire
eSentire

eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.