FROM TIM BURKE:

Beware the Handyman Syndrome

What you need to know about the CCPA (Cont. from p. 1)

were disclosed/sold and what type of third party received the data.

  • Upon a consumer’s request, you will be obligated to provide a copy of the specific personal data you’ve collected about them during the 12 months before their request.
  • Upon a consumer’s request, you must delete the personal data you’ve collected about them (with a few exceptions).
  • Upon a consumer’s request, you must not sell their personal data to third parties.
  • You cannot discriminate against a consumer who has exercised these rights.


Why the CCPA matters

“This new law is a game-changer,” says Shawn. “Still, it’s far from clear just how it will all play out.”

Consumers can seek actual damages on a per-consumer, per-incident basis, he explains. “But the law also has a notice-and-cure provision that, essentially, gives a company thirty days to fix things.”

Longer term, Shawn expects the CCPA to significantly influence national consumer data privacy policies. “More immediately, however, this law will force enterprises to substantially rethink how they use and secure personal data.”

The CCPA’s notice-and-cure provision might tempt you to complacency. “But beware,” Shawn warns. “If your data and security practices aren’t already CCPA-adapted when you receive a thirty-day notice, you’re unlikely to ‘cure’ in time.”

What you can do now

“The CCPA is going to force many organizations to rethink the personal data they collect as well as how they retain and protect it,” Shawn says. “And that effort must extend beyond your IT team to your top leadership, which will have to reconsider how the business is allowed to use personal data as well as what is required to keep that data secure.”

The journey to CCPA compliance is unique to each enterprise and, Shawn believes, “avoiding noncompliance fines will require attuned business leadership working with experts. Ask yourself whether you have the necessary cybersecurity and IT infrastructure skillsets — because attempting to DIY your CCPA compliance could be dangerously risky.”

What do a dishwasher and Office 365 have in common? Both must be installed correctly to avoid a flood of problems.

In the case of the dishwasher, an incorrect hose hookup produced a kitchen floor flood. In the Office 365 case, ports opened to facilitate its installation were never closed, enabling a flood of nasty malware, including ransomware.

The culprit in both cases? The Do-It-Yourself culture that convinces us anyone can tackle any job.

It’s easy to see the appeal of the handyman approach, especially when the focus is on possible savings. Unfortunately, when things go wrong, the Y in DIY becomes a painful reminder of what you don’t know.

For our homeowner with the failed dishwasher installation, the cost was minor: some cleanup, a loss of handyman pride, and a bill for the proper installation from the local appliance professional.

The Office 365 case — and its resulting cost — was far more serious.

So a word of caution when deciding between when to DIY and when to call in help: before you tackle any project, ask yourself if you already have the skillset needed to do the project — because learning as you go is not an option when dealing with your organization’s IT infrastructure.

And if you’re still swayed by the possibility of DIY savings, take a glance at what other items on your to-do list will end up delayed or abandoned because you’re busy DIYing.

DIY can seem attractive, but it has hidden costs you need to consider.

Tim Burke, CEO

CHECK OUT MORE OF TIM’S THINKING AT www.questsys.com/CEOBlog/
