California’s Privacy Revolution: How Los Angeles Businesses Can Navigate the 2024 Cybersecurity Compliance Landscape Without Breaking the Bank
California continues to lead the nation in data privacy protection, and 2024 has brought significant changes that Los Angeles businesses cannot afford to ignore. The California Consumer Privacy Act (CCPA) has been amended by the California Privacy Rights Act (CPRA), which added new privacy protections that began on January 1, 2023. Enforcement of the updated CCPA regulations by the newly established California Privacy Protection Agency commenced on March 29, 2024.
The New Reality: Mandatory Cybersecurity Audits Are Coming
One of the most significant developments for Los Angeles businesses is the introduction of mandatory cybersecurity audits. The compliance deadline for initial audits ranges from April 1, 2028, to April 1, 2030, depending on the size of the business. Companies with annual gross revenues under $50 million in 2028 are required to conduct cybersecurity audits by April 1, 2030.
The duty to conduct audits applies to any business whose processing of personal information presents a “significant risk to consumers’ security,” which includes businesses that derive 50% or more of their annual revenue from the sale or sharing of personal information, or process the personal information of more than 250,000 consumers or households.
What Los Angeles Businesses Must Know About Risk Assessments
The regulations significantly expand privacy compliance obligations by embedding proactive risk management into the core of data processing activities. Businesses must evaluate their data practices through the lens of privacy risk by developing internal protocols for identifying covered activities, conducting structured risk assessments, and maintaining documentation to demonstrate compliance before initiating certain operations.
Businesses involved in some processing activities must conduct risk assessments before processing, as the covered activities are considered to pose a significant risk to consumers’ privacy. Examples of processing activities that present “significant risk” to consumers’ privacy include selling or sharing consumer personal information, processing sensitive personal information, using automated decision-making technology to profile or make decisions with “legal or similarly significant effects” about a consumer, and knowingly processing the personal information of consumers under the age of 16.
The Los Angeles Cybersecurity Threat Landscape
Los Angeles businesses face real and growing cybersecurity threats. The city has recently experienced several significant cyber attacks affecting various sectors: a DDoS attack on Los Angeles International Airport (LAX) on February 12, 2024; a major ransomware attack on the Los Angeles Unified School District (LAUSD) that resulted in the leak of thousands of files; and a doubling of cyber-attacks since the pandemic, as reported by the Port of Los Angeles.
According to IBM’s Cost of a Data Breach Study, the average breach cost in 2023 was $4.5M, which reflects the loss potential and the importance of a comprehensive cybersecurity program.
Compliance Requirements: What You Need to Do Now
The CCPA secures new privacy rights for California consumers, including the right to know about personal information a business collects and how it is used, the right to delete personal information, and the right to opt out of sale or sharing. As of January 1, 2023, consumers have additional rights, such as the right to correct inaccurate personal information and the right to limit the use and disclosure of sensitive personal information.
For cybersecurity audits, businesses should begin identifying and developing cybersecurity policies and procedures to address the prescriptive new requirements. Businesses outside of highly regulated sectors are likely to find that their current policies and technical and operational security controls will need significant upgrades to meet these new standards.
How Professional IT Support Can Help
Navigating these complex requirements doesn’t have to be overwhelming. Professional cybersecurity providers in Los Angeles, like IT Pros Management, understand the unique challenges facing Los Angeles businesses. Since 2011, IT Pros Management Inc. has been providing highly rated technology solutions to companies in Los Angeles, Ventura and Orange counties, and is committed to making sure small- and medium-sized businesses and not-for-profit organizations receive IT support that’s professional and affordable.
Their comprehensive cybersecurity services include AI and machine learning-powered defenses, multi-layered protection, advanced endpoint security, and dark web monitoring to ensure data is safeguarded from sophisticated cyber threats, coupled with proactive support and user education.
Practical Steps for Compliance
Businesses should review the extent to which their activities are implicated under the new requirements, evaluate technology and AI usage to determine if it constitutes automated decision-making technology, and prepare to update their website privacy notices, internal data security policies, audit procedures, and opt-out forms as needed to reflect these updated requirements.
The CCPA explicitly requires training for personnel handling personal information; it is a requirement, not a nice-to-have. Businesses should conduct regular training sessions as part of their compliance strategy to ensure their people know how to comply with the CCPA.
The Bottom Line for Los Angeles Businesses
The regulations adopt rigorous privacy and cybersecurity standards that will expand the scope of requirements for most businesses subject to the CCPA and are likely to become the benchmark for US privacy and cybersecurity compliance. Although the first cybersecurity audits will not be required until 2028, companies that do business in California should be mindful of this significant development in privacy and cybersecurity law.
The key to success is starting preparation now. IT Pros Management’s mission is to deliver the latest technology consulting, IT services, maintenance, and IT support as a highly cost-effective IT solution to maximize clients’ productivity and profitability. The company specializes in working with fast-growth companies and dedicated non-profits, and understands their incredibly hectic and stressful work schedules and why it’s critical to remove obstacles, frustrations, and technical problems to keep businesses productive.
With the right preparation and professional support, Los Angeles businesses can turn compliance requirements into competitive advantages, ensuring they’re protected, compliant, and positioned for growth in California’s evolving privacy landscape.