The California Consumer Protection Act Increases the Cost of Data Breach and the need for Multifactor Authentication

jmacinnis's picture

California Governor Jerry Brown signed into law the California Consumer Privacy Act (CCPA) of 2018 on June 28, 2018. The law pertains to businesses that collect personally identifiable information (PII) in the State of California. Businesses found violating CCPA including security breaches, may be charged with statutory damages as well as civil penalties of up to $7,500 per violation.

The intent of CCPA is to protect the privacy of California consumers and requires businesses to safeguard CA consumers’ PII and holds them accountable if such information is compromised as a result of a security breach.

As the cost of data breach grows, businesses are reevaluating their security practice including authentication strategies. According to Verizon’s 2017 Data Breach Investigations Report, in 2016 81% of confirmed data breaches involved weak, default or stolen passwords. The problem with password authentication lies in the fact that passwords are simply static information that can be easily stolen and used by anyone from anywhere.

In today’s threat landscape, passwords alone are insufficient. Multi-factor authentication combining passwords with physical devices adds a layer of strong security to help protect organizations from password theft.

Security experts are now of the opinion that certificate-based authentication using PKI is the best way to provide strong multi-factor authentication. In the past certificate-based authentication, which relies on PKI was considered to be complex and hard to manage. It turns out that a well-designed and modern implementation of certificate-based authentication can be easy to use, provide a higher degree of security, deliver flexibility in enabling a role-based security policy and can be very cost effective.

At HID Global, we have technical experts on hand to walk you through our industry-leading secure identity solutions and preview some newer solutions that are still under wraps. You can also find out how HID SAFE Physical Identity Access Management software can help you improve both physical and digital access across many sites and provide continuous diagnostic and mitigation with security intelligence.  

For more information on our multi-factor authentication solutions including mobile authenticators, visit our Identity Management Solutions portfolio page.