Читать книгу (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide - Mike Chapple - Страница 233

In addition to the federal and international laws affecting the privacy and security of information, organizations must be aware of the laws passed by states, provinces, and other jurisdictions where they do business. As with the data breach notification laws discussed earlier in this chapter, states often lead the way in creating privacy regulations that spread across the country and may eventually serve as the model for federal law.

The California Consumer Privacy Act (CCPA) is an excellent example of this principle in action. California passed this sweeping privacy law in 2018, modeling it after the European Union's GDPR. Provisions of the law went into effect in 2020, providing consumers with the following:

 The right to know what information businesses are collecting about them and how the organization uses and shares that information

 The right to be forgotten, allowing consumers to request that the organization delete their personal information, in some circumstances

 The right to opt out of the sale of their personal information

 The right to exercise their privacy rights without fear of discrimination or retaliation for their use

It is quite likely that other states will follow California's model and introduce their own broad privacy laws in the next few years. This is an important area of focus that cybersecurity professionals should monitor.