What We Do
How we do it
Resources
SECURITY ADVISORIES
May 11, 2022
CVE-2022-26923 - Active Directory Domain Services Elevation of Privilege Vulnerability
THE THREAT Microsoft has disclosed a new vulnerability impacting Active Directory Certificate Services (ADCS) tracked as CVE-2022-26923 (Active Directory Domain Services Elevation of Privilege Vulnerability). If exploited successfully, an authenticated attacker can escalate privileges in environments where ADCS is running on the domain. eSentire is aware of technical details and tooling [2] for…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1200+ organizations in 75+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
May 17, 2022
Cybersecurity Leader eSentire Continues Its Commitment to Rigorous Security Standards Earning PCI DSS Certification
Waterloo, ON, May 17, 2022 — eSentire, the Authority in Managed Detection and Response (MDR), maintains one of the most secure and robust IT environments of any MDR provider in the industry. To that end, eSentire today announced that it has received the Payment Card Industry Data Security Standard (PCI DSS) certification, considered one of the most stringent and comprehensive payment card…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Jan 23, 2020

What You Need to Know about the California Consumer Privacy Act

Speak With A Security Expert Now

Originally posted in Best Manufacturing Practices January 16, 2020

On the heels of the European Union’s General Data Protection Regulation (GDPR) and the revelation that Facebook and other social media platforms were selling their data, consumers began to demand stronger data privacy protection. However, the U.S. constitution contains no express right to privacy. It’s typically left up to the civil court system to decide on such matters as governed by state law or precedent. When data privacy legislation called the California Consumer Protection Act (CCPA) was introduced last year, it was passed within weeks of its introduction.

The CCPA’s quick passage was widely seen as a compromise with online companies that were eager to prevent a tougher citizen proposal from going onto the ballot. The legislation, which went into effect Jan. 1, grants consumers new rights with respect to the collection of their personal information. The CCPA represents the first legislation of its kind to pass in the U.S., but it’s certainly not the last. In 2019, more than 20 states considered data privacy legislation. California will be an acid test to watch as the legislation takes effect.

Due to its focus on consumer privacy, the CCPA mandates full disclosure from companies regarding the collection of personal information — everything from what details they are keeping to what sources that information is coming from and why they are collecting it.

Under CCPA, California citizens have the right to opt out of having their data/ information sold. Users and customers must be notified from the get-go about their information. They have to acknowledge that their information is being collected, but they can choose not to allow those companies to sell their information to other companies. CCPA goes one step beyond GDPR to not only define privacy rights but to expose the economic value of consumer data.

The “right to be deleted” is another CCPA assurance for consumers, akin to GDPR’s right to be forgotten. Companies aren’t allowed to retaliate against those customers who opt out of allowing their information to be sold by charging them higher fees or rates.

The Logistics of CCPA Compliance

Every department must understand CCPA’s requirements, so manufacturers need to set up some training if they haven’t already. Companies that fall within CCPA’s jurisdiction will need to map all of the information they collect. And for many, they’ll find that certain departments have no understanding of the implications that arise from the information they regularly gather.

As a real-world example, consider that the marketing department most likely stores sales information about customers and prospects in a customer relationship management (CRM) tool to create stronger buying personas. However, marketers are likely unaware that CCPA requires documentation of where that data came from and why it is being used. And in a situation like this, pleading ignorance is no longer a viable defense.

This data is valuable to your company, and that means it is also valuable to others. One of the major aspects of CCPA is that companies must declare the value of the data they are collecting — so if a company plans to sell that data, it must declare its resale value.

Manufacturers must also justify why they possess customer data and to fully map where the information goes, including across their supply chain.

Manufacturers are also responsible for keeping this data safe, which couldchange how vendors are chosen. Organizations will need to analyze the risks that are associated with that vendor by conducting due diligence and then establish controls. They will have to put monitoring in place to ensure their vendors are in compliance with those data controls.

Yes, such laws require new processes and sometimes new people, but it doesn’t herald the death of manufacturers with California customers. Instead, companies can use this mandate to re-examine their partners, supply chain and data collection and storage purposes and methods. This, in turn, has the knock-on effect of stronger data security and greater consumer confidence.

View Most Recent Blogs
eSentire
eSentire

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1200+ organizations in 75+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.