California Attorney General (AG) Kamala Harris (D) recently released a guide to "cybersecurity" for California businesses. Given the Golden State's leadership on privacy and data security policy issues, the survey, opinion and marketing research profession should always keep an eye on what's going on there.
The guide, "How California Businesses Can Protect Against and Respond to Malware, Data Breaches and Other Cyberincidents," was developed in cooperation between her office, the California Chamber of Commerce, and mobile security company Lookout. It builds on the AG office's previously-released recommendations for data security.
Harris commented, "there are specific and straightforward steps that all small businesses can and should take to reduce their risk, as well as effective measures businesses can take to respond to cyberincidents should they take place. This Guide sets forth in plain language a few steps that any business can take to help protect itself, with a focus on small to mid–sized businesses that lack the resources to hire full–time cybersecurity personnel. These firms are particularly vulnerable."
State AGs are important but underappreciated players in data privacy and security in the U.S. Harris' role is more prominent than most, which is a reason she made recently made MRA's list of the top 10 government players in consumer data privacy.
The ten top-level cybersecurity recommendations, while common sense, should always be in the mind of a research professional, given our overwhelming reliance on personal data:
- Assume You're a Target
- Lead by Example
- Map and Encrypt Your Data
- Encrypt Your Data
- Bank Securely
- Defend Yourself
- Educate Employees
- Be Password Wise
- Operate Securely
- Plan for the Worst
In other California news, we are still waiting for Harris to release the AG's approved best practices guide for compliance with California's new Do Not Track disclosure law, A.B. 370, which came into effect on January 1.
What you can do
In addition to minding the AG's cybersecurity best practices, MRA members should review the states’ varying data security laws, work to involve all research company and organization employees in data security efforts, and use our checklist as a guide to prepare for responding to a hypothetical data breach. Reviewing the California AG’s recommended best practices for data security would be a good idea, too.