We’re excited to announce that Prolifics’ Innovation through Open Banking solution is an IBM 2020 Beacon Award finalist in the “Outstanding Hybrid Cloud Solution” category. The Prolifics UK Innovation Lab originally implemented the solution for a large British banking organization and has since implemented it at multiple major banks in the UK.
“IBM is proud to recognize Business Partners who strive to enhance client experiences, drive business growth, and change the world…The IBM Beacon Award recognizes Business Partners worldwide who use IBM products and technology to create outstanding solutions and spark innovation,” states IBM on their site announcing this year’s award winners.
Recent Open Banking initiatives in the UK and the EU’s PSD2 are changing how banks, their customers and third parties access, share and secure the customers’ financial information. These regulations reflect customers’ desires for digital access and self-serve functions for financial products and services, as well as ownership and portability of their digital financial accounts and transactions across providers.
Prolifics sees these initiatives, along with similar ones in the US, Middle East, Australia and Asia, as opportunities for financial organizations to reinvent themselves as more open, responsive, customer-centric and partner-friendly. Our Innovation Through Open Banking solution offers:
Securely exposed, open APIs for use by both the business and third-party organizations
A robust SaaS API management platform, leveraging IBM’s leading cloud, API, and integration products
Access to a preconfigured sandbox environment built on IBM Cloud/SaaS software, enabling rapid testing of integration points
A dedicated Prolifics managed services team that helps manage post-deployment complexities, freeing the organization to focus on customer service and future innovation
The solution provides a quick win and a quick path toward compliance with the new regulations. With the solution in place, the client can rapidly build a secured API marketplace, generating new products and services and adding new features to current offerings.
As similar initiatives arise elsewhere in Europe, the UK and around the world, this solution can be quickly adapted to meet those requirements. It is also a good fit for banking organizations seeking to innovate business practices in an open banking, API-centered model. But the base solution isn’t restricted to Banking – Prolifics has also extended the underlying IBM solution to provide capabilities for other industries such as Open Insurance and FHIR for Healthcare.
There are lots of robots out there – from the Class M3 Model B9 in “Lost in Space” to the funny-talking Terminator to Michael Jackson’s robot moves in “Dancing Machine.” But, the real robot – or just plain “bot” – you’re probably looking for is something to help your business run smoother and your employees to do more productive work. There are different levels of robotics – or automation – available based on what you’re trying to do. Here’s a basic guide to get you to the level you need.
Robotic process automation – freeing up your employees for more important work
Your employees often spend a ton of time on repetitive mundane tasks thanks to non-integrated systems or silos of information that you think can only be bridged manually. Think about some of your data input tasks: you need to manually enter information from one document or system into the next document or system, or information must be parsed out to various reports or departments. Repetitive work like this causes employees to become distracted, bored or tired – leading to mistakes and less work completed. This not only diminishes individual productivity, but it creates a downstream ripple effect in the rest of your business processes. Even with entry-level positions, mundane tasks can leave employees frustrated, leading to turnover and increased hiring and training costs. You may think this type of work doesn’t exist in your company, but we can almost guarantee that it does. And it can be fixed.
This is where robotic process automation (RPA) comes into play. Advances in RPA have made it easier, quicker and cheaper to roll out with reduced risk. It’s quick – often going from “ideation to operationalization” in three to four weeks. RPA can run repetitive, mundane tasks 24 hours a day, quickly, with an extremely low error rate. Once programmed, it never needs a refresher course, and updates or changes are implemented easily – without additional training costs. RPA is not intended to replace employees – even lower-level workers. It’s meant to free up those employees for more important work. They can become “knowledge workers.”
Okay, so what’s hyper-automation or hyperautomation?
In “Gartner Top 10 Strategic Technology Trends for 2020,” they define hyperautomation as “deal(ing) with the application of advanced technologies, including artificial intelligence (AI) and machine learning (ML), to increasingly automate processes and augment humans.” So, it’s often used interchangeably with the terms and concepts discussed below.
Let’s move up a bit to “exception” work, like claims processing in healthcare insurance. While most claims processing never needs human intervention (because of RPA), your claims process specialist – a knowledge worker – must review certain claims for such things as over-threshold amounts, suspected fraud, audit, and other exceptions. Often there are tedious, repetitive tasks associated with these exceptions, like compiling facts, figures and information out of different data sources, business applications and/or policy documents. Your knowledge worker needs to get this specific information, based on whatever the exception kick-out is, to make a decision. But compiling the info (even assuming no mistakes are made) slows down the worker, the decision, and the process – resulting in inefficiencies and higher costs.
Intelligent automation / hyperautomation is the answer here. This type of bot learns where to get the information needed to process the exception – quickly, accurately and completely. Imagine the knowledge worker getting the exception report along with all the information needed to make the decision.
Intelligent automation / hyperautomation is especially valuable when volume is considered. Claim filings can vary widely based on events and time of year. And when something like COVID-19 hits, with the potential for an explosion in claims volume with specific claim exceptions – for example, no co-pays – volume and workforce size are difficult to match. Having a stable workforce while scaling up or down for claims volume is difficult. There’s a lot of time and cost involved in hiring and training knowledge workers. Hire too many and you may end up with layoffs; hire too few and you’re scrambling to get the job done. IA bots, also known as digital worker assistants or simply digital workers, can be easily added or removed to scale up or down based on volume, helping to stabilize your knowledge-worker hiring.
Intelligent automation / hyperautomation is not just for claims exceptions. It can be used across multiple industries to actually make decisions based on the information it gathers. Examples include:
Healthcare: Check on provider data to determine “in-network” or “out-of-network” status.
Mortgages/loans: Process documentation and related decisions for loan applications.
Like straight RPA, intelligent automation is not meant to replace workers. It gives them the information they need to do their jobs quicker, more efficiently and more accurately.
Artificial intelligence/machine learning (AI/ML) capabilities are the top capabilities of digital workers. A digital worker that includes an AI/ML solution can complete complex decision making on its own. This is because new AI/ML techniques look at large amounts of data, make connections, and generate insights better and quicker than a knowledge worker ever could.
For example, basic automation can make a decision on a loan by collecting data and aligning it with the parameters set by the financial institution. An organization using AI/ML, by contrast, can analyze the entire historical loan portfolio on an ongoing basis, and recognize, for example, that a certain combination of factors leads to a much higher risk of default. If the loan application has those factors, the AI/ML digital worker will deny the loan.
AI/ML is for “what’s next” questions – such as who’s likely to default on a loan, what’s your customer’s next purchase, or when might your equipment break down. You would use artificial intelligence and machine learning tools to automatically detect sophisticated data patterns to predict potential outcomes, giving you better decision-making insight. Does AI/ML replace workers? Again, we would say no – AI/ML gives your company opportunities for sophisticated, strategic work that generates competitive advantages.
How can we help?
If you’re interested in any of the bot concepts discussed here, we can sit down with you for a free discovery workshop. If we believe one of our digital workers can help, then we’ll recommend a solution from our catalog of digital workers. If you want to go further, we’ll jump-start the automation solution, including deploying and customizing as needed for your environment. If an AI/ML solution is involved, we’ll also install and set up that platform. With Prolifics digital workers, we offer a quantified outcome expressed in improved time, increased volume and better quality.
New CMS and ONC rules on patient health data are on the horizon. FHIR is driving key data functions. You want to stay compliant, serve your customers and have a long-term strategy for analyzing and leveraging data. Prolifics’ Quick FHIR solution expert Tim Henrion talks more about these challenges and solutions to help you now and in the future.
Prolifics, a global digital transformation leader, is pleased to announce that CRN®, a brand of The Channel Company, has named Kirsten Craft, Global Head of Business Development & Marketing, to the prestigious “2020 Women of the Channel” list. In addition, CRN recognized Craft as one of its “2020 Power 40 Solution Providers,” an elite subgroup of the Women of the Channel list.
The leaders named to the Women of the Channel list represent technology vendors, distributors, solution providers and other IT organizations. Each is recognized for her significant contributions and unique role in the IT channel. The Women of the Channel Power 40 list highlights extraordinary women who exhibit thought leadership, channel expertise and innovative vision for driving channel growth.
Craft is responsible for promoting the Prolifics brand globally while developing new and innovative ways to provide value for Prolifics’ clients and partners. She has more than 20 years of experience in information technology in a wide range of leadership positions and has continually demonstrated expertise and ongoing dedication to the IT channel. In her seven years with Prolifics, Craft has been named to the Women of the Channel list five times.
Satya Bolli, Prolifics Chairman & Managing Director, said, “We’re proud as an organization that Kirsten is being recognized again. Our channel relationships are extremely important to us. She listens to the needs of our clients and partners and is committed to new business models and go-to-market strategies that expand and promote channel engagement that drives a higher level of value for clients.”
“I’m honored to be on the Women of the Channel and Power 40 Solution Providers lists,” said Craft. “It’s a reflection of the trust our manufacturers have in Prolifics. Technology changes and evolves rapidly. To stay on the leading edge and bring these innovations to our clients requires tight strategic and tactical channel relationships – which I’m happy to say we have across Prolifics.”
Find out more about Kirsten Craft and her achievements in her 2020 Woman of the Channel profile. CRN Magazine will feature the 2020 Women of the Channel list on June 8, 2020.
About Prolifics
Prolifics is a global digital transformation leader with expertise in cloud, data and analytics, DevOps, digital business, and quality assurance across multiple industries. We provide consulting, engineering and managed services for all our practice areas at any point you need them – giving you fast, complete solution delivery experiences that you will find nowhere else. Whether it’s initial advising and strategy; design and implementation; or ongoing analysis and guidance, Prolifics will help you take charge of your digital future. Visit www.prolifics.com.
The California Consumer Privacy Act (CCPA) was created to provide consumers in the state of California with additional rights and protections related to how businesses are permitted to use their personal information. This state statute was enacted in 2018 and put into effect in January 2020.
In this article, we’ll take a look at what the CCPA is and how the CCPA impacts businesses and consumers.
What Is The Purpose of CCPA?
In the past few years, customers have expressed growing concerns about the fate of their personal data in the hands of businesses and corporations. The purpose of the CCPA is to protect the data and privacy of consumers. The CCPA endows residents in the state of California with the following rights:
The right to be informed that personal data is being collected, used, sold, and/or shared by businesses
The right to request the deletion of personal data
The right to prohibit businesses from selling their personal information
The right to access any personal data collected by businesses
The right to not be discriminated against (higher prices, lower levels of service, etc.) for exercising these rights
In the event that these rights are breached, the CCPA grants California residents the right to sue.
What Is Personal Information?
It is important to know what personal information is to have a good understanding of the implications of the CCPA. The CCPA defines personal information as the following: “Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” (1798.140.o1).
The different categories of personal information under the CCPA are direct identifiers, unique identifiers, biometric data, geolocation data, internet activity, and sensitive information. Examples of direct identifiers include first and last name, social security numbers, and home address. Unique identifiers refer to data like account names, cookies, and IP addresses. Location history is the primary example of geolocation data. Internet activity refers to browsing history and search history. Biometric data encompass voice and face recordings. Finally, health data is an example of sensitive information.
Overall, any data that can be used to identify an individual or a household is considered personal information under the CCPA. Data that is anonymous or aggregated generally is not covered by the CCPA. In some cases, suppression of data may be necessary to prevent the identification of specific individuals or households by inference or by combining multiple sources of anonymous or aggregated data.
Which Businesses Must Abide by the CCPA?
Not all businesses must abide by the CCPA. There are certain requirements that a company must fulfill before being forced to comply with this state statute. The following companies are required to abide by the CCPA:
Companies that earn more than $25 million in annual gross revenue
Companies that collect the personal information of at least 500,000 residents, households, and/or devices in California each year
Companies that derive more than half of their annual revenue from selling the personal information of California residents.
Notably, companies outside of the state of California are also expected to comply with the CCPA. After all, most of the businesses in the United States do business with consumers in California. Also, many other states have enacted similar legislation. Some examples of such states include Washington and New Jersey.
Are B2B Businesses Exempt from the CCPA?
“No” is the short answer to the question “Are B2B businesses exempt from the CCPA?” However, in truth, the answer is a little more complicated than that. The CCPA is not entirely black and white when it comes to business-to-business (B2B) companies. According to the CCPA, all communications and transactions that occur during the process of a business providing or receiving a product/service are exempt from the CCPA. Therefore, it appears that B2B businesses are exempt from the CCPA in terms of emails and other forms of communication. This exemption is only in place until January 2021.
However, B2B companies must still comply with the CCPA when it comes to allowing individuals to say no to the sale of their personal information and making sure consumers who exercise their data privacy rights are not exempt.
Overall, while there are some short-term exemptions that B2B companies are currently enjoying, the CCPA does have major implications for B2B companies. It is in the best interest of B2B companies to take advantage of these short-term exemptions to make the transition to this new normal for data privacy laws a little less rocky.
What Is the Difference Between the CCPA and the GDPR?
One question that you may have is “What is the difference between the CCPA and the GDPR?” The GDPR, which stands for the General Data Protection Regulation, is a regulation pertaining to data privacy in the European Union as well as the European Economic Area. The GDPR also regulates the transfer of personal information in areas other than the EU and EEA.
The GDPR was enacted in May 2018 to standardize data privacy laws across all 28 countries in the EU. The GDPR requires businesses to protect the personal data associated with all transactions occurring in the EU. This includes US businesses conducting transactions in the EU.
The main difference between the GDPR and the CCPA is that the latter only protects the privacy and data of California residents. On the other hand, the GDPR is only applicable for transactions in the EU. Another key difference is that the primary focus of the CCPA is to regulate the sale of personal information. The main focus of the GDPR is to regulate data ownership and the rights to personal data deletion.
What Does the CCPA Mean for Businesses?
The CCPA requires that all residents of California know what personal data is being collected and how this information is being used. However, the CCPA may mean that businesses need to grant these new data privacy rights to all customers. The reason for this is that it is often difficult for a business to know for sure where a user is located. Therefore, for many businesses, it is in their best interest to blindly apply the CCPA rights to all customers due to the inability to distinguish between consumers from California and consumers from other states. Also, as noted above, many states are working to enact statutes similar to the CCPA.
Businesses can face civil penalties of $2,500 per violation under the CCPA and up to $7,500 for all intentional violations. In general, a business will first receive notification of alleged noncompliance. If the business fails to rectify the violation within 30 days, the business will be considered in violation of the CCPA and may face civil penalties and civil actions for injunctions from the California attorney general. As mentioned above, California residents are able to sue businesses for violations as individuals or classes.
How Should Businesses Prepare for the CCPA?
There are a number of steps that businesses should take to prepare for the CCPA. These steps include updating their website and ensuring personal data security. This section will outline how businesses can adequately prepare for the CCPA.
All businesses should update the privacy policy on their website to ensure the personal data they collect is clearly outlined. Not only should the privacy policy mention what personal data is collected, but it should also explain why it is stored and how it is processed and used. A section of your website should provide your consumers with clear instructions on how to make a request to access their personal data. You can provide a toll-free telephone number that consumers can call to make a right-to-access request. Provide a thorough explanation of how your business intends to validate the identity of individuals who make right-to-access requests.
Under the CCPA, the California Attorney General has the power to impose fines in the event of a breach of personal consumer information. However, these penalties are only applicable to businesses that did not take the right steps to protect personal data.
Be sure that all the personal information you collect from your consumers is encrypted. Redaction is another method that you can use to protect the personal information of your California consumers. Not only do you need to protect the data through encryption or redaction, but you may need to completely restructure the way you collect and store data to ensure that you have the ability to find personal information no matter where it is stored. The reason is that consumers can make right-to-access requests, which means you need to be able to find and provide this data in an efficient manner. As you can imagine, this can be a very time-consuming and difficult process.
In Conclusion
In conclusion, the CCPA has the potential to have national and even global implications when it comes to data privacy for consumers. California was the first state in the country to enact legislation to protect consumer data and privacy. Many states are expected to follow suit in the next few years. For more information about the CCPA, don’t hesitate to contact us.
As a long-time IBM business partner, we’re thrilled to announce that IBM named Prolifics as a finalist in its 2020 Beacon Awards. Our “Blockchain-Supported Interoperability for Healthcare solution” – generated by our Innovation Center – is recognized in IBM’s Blockchain Trailblazer Award category.
“IBM is proud to recognize Business Partners who strive to enhance client experiences, drive business growth, and change the world…The IBM Beacon Award recognizes Business Partners worldwide who use IBM products and technology to create outstanding solutions and spark innovation,” states IBM on their site announcing this year’s award winners.
Recognizing that blockchain will be a highly sought-after technology, our Innovation Center drew on our healthcare expertise to create demonstration scenarios for the healthcare industry. Blockchain benefits for healthcare include a unified, secured view of data across disparate healthcare entities, provisioning of information necessary for patients to make informed decisions, and overall streamlined claims processing. In short, the outcomes of this solution lead to improved revenue cycle management along with enhanced patient relations.
The solution is currently being leveraged within the healthcare industry to build a blockchain network across multiple business units. This solution will deliver a variety of benefits to the involved organizations, including real-time transparency, customer-centricity, cost savings and business agility.
While the healthcare industry is our immediate focus for this innovative blockchain solution, it is directly applicable and viable across multiple industry segments.
To learn more about Prolifics, visit our website at prolifics.com.
We’re proud to share the news! Prolifics is an IBM 2020 Beacon Award finalist in two categories – “Outstanding Hybrid Cloud Solution” and “Blockchain-Supported Interoperability for Healthcare solution.”
“IBM is proud to recognize Business Partners who strive to enhance client experiences, drive business growth, and change the world…The IBM Beacon Award recognizes Business Partners worldwide who use IBM products and technology to create outstanding solutions and spark innovation,” states IBM on their site announcing this year’s award winners.
Prolifics Open Banking SaaS Solution Recognized in Outstanding Hybrid Cloud Solution Category
The Prolifics UK Innovation Lab originally implemented the solution for a large British banking organization and has since implemented it at multiple major banks in the UK.
Recent Open Banking initiatives in the UK and the EU’s PSD2 are changing how banks, their customers and third parties access, share and secure the customers’ financial information. These regulations reflect customers’ desires for digital access and self-serve functions for financial products and services, as well as ownership and portability of their digital financial accounts and transactions across providers.
Prolifics sees these initiatives, along with similar ones in the US, Middle East, Australia and Asia, as opportunities for financial organizations to reinvent themselves as more open, responsive, customer-centric and partner-friendly. Our Innovation Through Open Banking solution offers:
Securely exposed, open APIs for use by both the business and third-party organizations
A robust SaaS API management platform, leveraging IBM’s leading cloud, API, and integration products
Access to a preconfigured sandbox environment built on IBM Cloud/SaaS software, enabling rapid testing of integration points
A dedicated Prolifics managed services team that helps manage post-deployment complexities, freeing the organization to focus on customer service and future innovation
The solution provides a quick win and a quick path toward compliance with the new regulations. With the solution in place, the client can rapidly build a secured API marketplace, generating new products and services and adding new features to current offerings.
As similar initiatives arise elsewhere in Europe, the UK and around the world, this solution can be quickly adapted to meet those requirements. It is also a good fit for banking organizations seeking to innovate business practices in an open banking, API-centered model. But the base solution isn’t restricted to Banking – Prolifics has also extended the underlying IBM solution to provide capabilities for other industries such as Open Insurance and FHIR for Healthcare.
Prolifics Blockchain Solution Recognized in Blockchain-Supported Interoperability for Healthcare Solution Category
Prolifics Blockchain Solution is a product of our Innovation Center. Recognizing that blockchain will be a highly sought-after technology, the Innovation Center drew on our healthcare expertise to create demonstration scenarios for the healthcare industry. Blockchain benefits for healthcare include a unified, secured view of data across disparate healthcare entities, provisioning of information necessary for patients to make informed decisions, and overall streamlined claims processing. In short, the outcomes of this solution lead to improved revenue cycle management along with enhanced patient relations.
The solution is currently being leveraged within the healthcare industry to build a blockchain network across multiple business units. This solution will deliver a variety of benefits to the involved organizations, including real-time transparency, customer-centricity, cost savings and business agility.
While the healthcare industry is our immediate focus for this innovative blockchain solution, it is directly applicable and viable across multiple industry segments.
To learn more about Prolifics, visit our website at prolifics.com.
Meet Archie, the digital worker that will help you and your team process PPP loans faster and with better accuracy – so you can relieve some of the stress on your employees and make sure your customers stay satisfied.
The CCPA (California Consumer Privacy Act) helps give Californians new rights to autonomy over data they generate. It went into effect on January 1, 2020. This act is the first major US privacy legislation that is being enacted after the European GDPR (General Data Protection Regulation), which became effective in May 2018. While some have called the CCPA the California GDPR, there are some differences.
CCPA vs. GDPR
Even though Nevada and Maine have passed different privacy legislation or amendments to existing laws, the CCPA is the first statewide privacy legislation in the country. The CCPA is of different magnitude than other laws and other amendments to laws. This law in California changes the way residents can handle their own data. It can empower them with new rights in order to request businesses delete or disclose the data that has been collected or they can completely opt out of third-party data sales. The law now creates new requirements for commercial entities that are doing business in California. Whether or not a business falls under these new requirements depends on a set of definitions. The main requirement under this is that the businesses are to provide consumers with information about how their data has been processed, collected, and sold in the past 12 months.
While the CCPA only affects one state, the GDPR is a European Union law that is for all 27 member-states. This law controls how companies, organizations, and websites are allowed to handle personal data. Personal data can be anything from browser history and email addresses to location data, names, and other things. If you have a website with visitors from the EU and you have a third-party service, such as Facebook or Google, that processes personal data then this law states that you need to first get prior consent from the user. In order for the consent to be valid, it needs to be based on clear information about the duration, extent, and purpose of the data processing. For example, if you are doing this through a cookie consent banner then the banner can’t have any pre-checked boxes. This law actually applies to any website in the world, regardless of where you are located and from where you are operating. If you get any visitors from the European Union then you need to be in compliance. Even if the website is in California but gets visitors from the EU, it still needs to follow the GDPR.
Overall Comparison of CCPA vs. GDPR
The CCPA is more about creating transparency and giving rights to consumers, while the GDPR is more focused on creating a “privacy by default” framework. The GDPR creates a door for a user to lock so that none of their data can be processed. The CCPA creates a window that allows a consumer to find out where their data has been sold to a third party or gathered by a business.
Legal Bases
The GDPR requires that businesses, websites, and companies have a legal basis for processing personal data in the EU. The first legal basis is consent. However, the CCPA doesn’t have this same framework. Under the CCPA, a business doesn’t actually need prior consent from a user before they process the data and a website doesn’t need any prior consent from a user before they sell the data to a third party.
Main Rights of Each Law
Both of the laws deal with some main rights that include the right of access, to be informed, and portability. The minor difference between the two is the right of prior consent and the right to opt out. These can almost be seen as the same since the right to opt out is also included in the right to withdraw consent.
When you compare the rights of each one closely, it’s prior consent that makes all the difference. Prior consent is exclusive to the GDPR. With this, it can create the legal framework across the European Union that is based on privacy first with user control.
What Do the Laws Deal With?
Both laws define things a bit differently. The CCPA deals with personal information and this is information that relates to, describes, identifies, or is capable of being associated with a particular consumer or household, whether it’s linked directly or indirectly. The GDPR deals with personal data or any information related to an identifiable natural person indirectly or directly. The CCPA definition is more personal and this means it includes data that isn’t necessarily individual specific but can also be categorized as household data. However, the GDPR does have a special category of data that is called Sensitive Personal Data.
The GDPR has created six different legal grounds for processing personal data. However, the CCPA doesn’t have any for processing that data in the state. This means that businesses can process data as they want, unless a customer actually exercises their right to opt out of having the data sold. This is shown in the requirement for businesses to provide a link or button on the website that says, “Do not sell my personal information.” By clicking this button, consumers can opt out of these third-party data sales.
Who Do the Laws Apply to?
The laws have some differences on who is affected, whether it’s individuals or businesses.
Data Subjects vs. Consumers
The CCPA gives rights to consumers, and a consumer is a person who is a California resident. The GDPR protects what are known as data subjects, defined as identifiable or identified natural persons. A data subject can be any person and doesn’t necessarily have to be an EU citizen or resident. For example, if an American citizen is traveling in the EU and their data is processed while there, he or she is then protected by the GDPR. The companies that process the data, even if they are outside the EU, still have to comply if they are offering services to data subjects within the union.
Scopes of the GDPR and CCPA
Both laws have extraterritorial scope. The CCPA applies to companies that fit the definition of a business, whether or not the company is actually located in California. A business, according to the law, is a for-profit entity that collects personal information, does business in California, and determines the means and purpose of processing. It must meet one of these thresholds: processing information for at least 50,000 Californians every year, having annual revenue over $25 million, or getting 50% or more of its revenue from the sale of personal information. This definition excludes a lot of websites, organizations, and companies that do process personal data of Californians and still allows them to do business as usual.
A company that is based in Europe can still fit into the definition of a business under the CCPA and is obligated to comply with the law. The GDPR applies to organizations, companies and websites anywhere in the world if they offer services or goods to individuals within the EU. The difference is that the GDPR actually protects the data subject who happens to be in the EU at the time of the processing or collection of data. However, the CCPA only protects you if you fall under the definition of being a California resident.
The GDPR doesn’t set any restrictions for the size of profit of the data collectors. A data controller, according to the law, is just any entity that processes or collects data in the European Union. This can include any company, organization, business, or website. This is one of the main differences between the two laws, and the GDPR has a much broader scope. The GDPR protects more people.
Enforcement of the Laws
When it comes to the enforcement of the laws, both are similar but there are some differences.
The GDPR is enforced by monetary penalties issued by the national data protection authorities. Penalties can be as high as 4% of a company’s global annual turnover or 20 million euros, whichever is higher. The fines are determined by the gravity, nature, and duration of the infringement. So far, the highest fine has been 50 million euros. The CCPA is being enforced by the Attorney General of California, also with monetary penalties. However, the monetary penalties for the CCPA are much smaller than ones issued for violating the GDPR. There is a maximum of $2,500 per violation.
According to the GDPR, it’s the national data protection authorities that have the task of offering guidance and promoting awareness to organizations and companies on how to be GDPR compliant. The EU data protection authorities have the ability to conduct audits of companies that could be in breach of the GDPR. They are allowed to order data controllers to comply and issue warnings. With the CCPA, there aren’t as many supervisory opportunities and it’s up to the state’s Attorney General to start any investigations. The Attorney General is expected to have created regulations for specific areas of supervision and enforcement by July 2020.
The CCPA and GDPR do a lot to help with privacy, but there are more limitations to the CCPA than there are to the GDPR, and each law works a bit differently.
Did you hear about that last big data breach? It’s a question posed more and more frequently these days, as the exposure of supposedly safe information repeatedly makes its way into the hands of malicious hackers. Neither banking information nor social security numbers are exempt, and if you recently signed up online to discreetly cheat on your spouse, beware: That information is not as secure as you think it is, either.
As data breaches go, 2019 was a bad year. In the first six months alone, the number of breaches far surpassed those in 2018, meaning roughly 3,800 breaches occurred. These breaches exposed an estimated 4.1 billion records, just from January through June. That’s a lot of credit card numbers, expiration dates, and CVVs being released into the wild. But data breaches are not new. They’ve been happening for years, compromising your data privacy in ways you never realized.
And it’s not only your financial information that’s at risk when a hacker attacks your favorite online shopping service. Your home address could be getting out there, too, along with your encrypted passwords and answers to your security questions.
Data breaches put us all at risk of horrors we’d rather avoid, such as identity theft and unauthorized charges on our credit accounts. Hackers compile the data they steal during a breach, package it up nicely, and sell it off to the highest bidder. The more complete your information — the bigger the payout.
Data breaches affect billions of people each year, including you, your loved ones, and your favorite brands. We’ve compiled a list of the 10 worst data breaches in recent history. If you frequent these establishments or use these services, odds are good that the information you provided is no longer secure:
1. Yahoo, August 2013
Even today, the 2013 attack on Yahoo stands as the worst data breach in history because it affected every single one of the 3 billion accounts stored on its server.
Customer names were compromised, as were their dates of birth, telephone numbers, and encrypted passwords.
2. Yahoo, December 2014
Shockingly, in December of 2014, Yahoo was attacked again. Email addresses were exposed this time, along with names, dates of birth, encrypted passwords, security questions, and telephone numbers. This time the data breach affected 500 million accounts, but worse? Yahoo kept news of the breach undisclosed for two years.
Members of the Russian Federal Security Service were ultimately charged with the crime, and the Securities and Exchange Commission (SEC) fined Yahoo for failing to warn its consumers.
3. First American Financial Corporation, May 2019
In mid-2019, First American Financial Corporation suffered a data breach of their own design. It wasn’t hackers who exposed private consumer information in the incident, but rather a defect in a production application that made secure information available to anyone accessing the site.
Bank account numbers, bank statements, mortgage papers, tax records, social security numbers, drivers license images, and wire transaction receipts were accidentally made public, allowing users to access mortgage loan information dating back to 2003. Experts estimated roughly 885 million accounts were compromised in the incident.
4. Marriott International, 2014-2018
In 2018, hotel giant Marriott International alerted users to a data breach that had apparently been going on for four years. Hackers first accessed their Starwood Guest Reservation Database in 2014 and began stealing information that included names, email addresses, phone numbers, passport numbers, addresses, dates of birth, gender, loyalty program information, credit card numbers, and expiration dates.
Then, in January of 2020, Marriott was hacked again, and 5.2 million users had names, affiliations, employer names, hotel preferences, gender, age, home addresses, email addresses, and loyalty information compromised.
5. Facebook, 2019
In April of 2019, Facebook disclosed a massive data breach that affected the information of roughly 540 million users.
According to reports, third-party app developers released private data that included account names and IDs, friends, photos, location check-ins, and reactions to comments.
6. Adult FriendFinder, October, 2016
In 2016, a data breach in a self-described “sex and swinger community” exposed the private information of roughly 339 million users. Embarrassingly enough, the information included usernames, email addresses, passwords, and dates of the user’s last visit to the site.
Even accounts that had been deleted were exposed in the hack. Sadly, the breach in 2016 wasn’t the first for Adult FriendFinder. Just a year prior, 4 million accounts were exposed and information leaked, including a user’s sexual preference.
Wrapped into the 2016 breach were another 69 million accounts from sites such as Cams.com, Penthouse.com, iCams.com, and Stripshow.com — all companies tied to Adult FriendFinder. The same identifiable user information was leaked, including VIP status, IP addresses, browser information, and whether items had been purchased. The breach is thought to have been generated by Russian hackers.
7. Zynga, September, 2019
The name may not be instantly recognizable, especially for those who don’t frequent the boredom-busting games on Facebook. For Farmvillers and those who play Words With Friends, however, Zynga is a household name. The mobile gaming app was hacked in late 2019, exposing the information of 218 million users.
The information leaked and sold contained Facebook and Zynga IDs, usernames, password information, and telephone numbers. The apps hacked were Draw Something and Words With Friends. Eventually, a hacker from Pakistan claimed responsibility for the breach.
8. Aadhaar, March, 2018
In 2018, a government site in India was hacked, exposing personal identifying information in a breach estimated to have affected 1.1 billion registered users. The site is a national ID database, containing both reported and biometric information on Indian citizens.
The information leaked contained ID numbers that are similar to U.S. social security numbers, names, and linked accounts. It’s still unclear whether thumbprint or iris scan information was made available.
9. Verifications.io, February, 2019
If you’re a company that regularly sends out newsletters or email marketing campaigns, you may use a service such as Verifications.io. This service checks email addresses to ensure they’re valid and not fake.
This helps prevent you from wasting valuable time and resources sending content to users who don’t exist, and it’s a big help to anyone who reaches consumers through email.
In February of 2019, however, Verifications.io was hacked, and email addresses of roughly 763 million users were exposed. In addition to email addresses, researchers found additional bits of odd information that should not have been readily accessible.
These included mortgage amounts and loan interest rates, genders, dates of birth, and various social media log-in information.
10. eBay, May 2014
Even online auction sites aren’t safe from malicious hacking. In May of 2014, online giant eBay admitted they’d been hacked earlier in the year. Among the information exposed were passwords, names, email addresses, physical addresses, phone numbers, and dates of birth.
The breach was discovered by an eBay technology officer who noticed odd activity on the company’s network. And while eBay has repeatedly claimed that no financial information was exposed, they did ask users to update their passwords.
The eBay data breach may not seem like as big a deal as other recent breaches, but for users who have the same password across multiple sites, it opens up a back door for tech-savvy hackers to do quite a bit of damage.
Protect Your Online Data Privacy
Nearly everyone in America has an online presence today, whether you shop online at national retailers such as Amazon and Walmart or regularly log in to Facebook to see what the neighbors are doing.
And just because your favorite website doesn’t have your financial information doesn’t mean you can’t be compromised by a breach in data privacy.
When hackers obtain personal information such as your email address or telephone number, it becomes much easier for them to send phishing emails or to make phishing calls to glean more information.
Additionally, if you use the same password over and over across multiple sites, you’re leaving yourself open to widespread damage.
To protect your online data, experts recommend these tips:
Put passcodes on all your mobile devices. There’s a lot of information stored on your phone, laptop and tablet, and if you leave one behind at the cafe and it’s not passcode-protected, whoever picks it up could easily access too much of your life, including your online banking app and your social media logins.
Use different passwords. Probably the easiest way to help limit the damage from an online data breach is to use separate passwords across all sites you frequent. Then, when one site becomes compromised, you won’t have to change passwords everywhere else.
Amp up your privacy settings on social media. Some social media sites, such as Facebook, are continually making improvements and changes across their platforms. Unfortunately, not all those changes are helpful for users. This is why it’s important to stay on top of your privacy settings. Be careful who has access to your location check-ins, photos, and more.
It’s impossible to completely protect yourself and your information from an online data breach, but by being a bit more tech-savvy, you can certainly lessen the damage. Use these tips to help protect your data privacy while online.