Most data privacy laws require organisations to ensure a high level of security for the personal data they collect in order to prevent unauthorised access to it. GDPR’s concept of “Privacy by design and by default” supports the idea that security should be a core part of an organisation from the beginning, not added afterwards.
The regulation suggests certain methods such as encryption, anonymization and pseudonymization, but also specifies that “the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk”.
California Consumer Privacy Act also requires businesses to maintain “Reasonable Data Security and Privacy” regarding California consumers’ personal data. Encryption and deidentification are two of the methods suggested within the law. Under the CCPA, consumers whose personal data was kept non-encrypted and was subject to unauthorised access, disclosure or theft, benefit from a private right of action.
Clym is built with security in mind, based on the “Security by design and by default” principle, our infrastructure being secured through a defense-in-depth layered approach.
Ref: GDPR – Article 25, 32, Recital 78