now browsing by tag


#cybersecurity | #hackerspace | CCPA: Salesforce Administrators Must Rethink Backup

Source: National Cyber Security – Produced By Gregory Evans

The California Consumer Privacy Act (CCPA) went into effect starting January 1, 2020. Salesforce administrators must re-examine the way personally identifiable information (PII) is processed.

The CCPA lists Salesforce as a service provider. A for-profit entity that processes a customer’s personal information on behalf of another business (your business), which uses customer data for commercial purposes.

That said, Salesforce is not responsible for the personal information — it’s you, and only you. According to the new Salesforce Data Processing Addendum (DPA):

Customer shall have sole responsibility for the accuracy, quality, and legality of personal data and the means by which customer acquired personal data. Customer specifically acknowledges that its use of the services will not violate the rights of any data subject that has opted-out from sales or other disclosures of Personal Data, to the extent applicable under the CCPA.

You had 18 months to prepare since the time CCPA was signed into law. Time’s up!

Still unsure about the new compliance regulation? In that case, let’s start with defining CCPA.

CCPA empowers residents of the sunshine state to know exactly what personal information of theirs is collected and used by businesses. It gives people the right to delete personal information gathered by the business.

CCPA considers the following as personal information:

  • Demographic information (i.e. name, address, email)
  • A unique identifier, such as an IP address
  • Account or Social Security Number
  • Driver’s license or passport
  • Personal property records
  • Online activity
  • Biometric, geolocation, employment, and education data

If any of these is compromised, your business will be slapped with civil penalties up to $7500 for each violation, and the maximum fine for other violations is $2500 per violation. 

Salesforce Administrators Must Rethink Backup

Backed up data is treated somewhat differently under the California Consumer Privacy Act. If a business stores personal information on a backup system, it can delay compliance with the customer’s deletion request, until the next time the backup system is accessed.   

However, backed up data is very much covered by the CCPA law. Businesses subject under CCPA need a strategy on how to handle CCPA deletions of personal information in backup systems. 

Let’s say you have personal information of a customer stored in your Salesforce backup system. The customer wants to delete the data which can be done under the CCPA. Once you remove the data, you’ll need to work with an updated version of backup data. But, if you recover to a point before the deletion, you’d be restoring a backup version that includes the information that was supposed to be deleted. 

You just violated CCPA without even knowing it, and the penalties will apply to your business. 

Spanning Backup allows Salesforce administrators to know the state of the most recent backups that ensure CCPA compliance. Get a granular view of your backups, that includes counts of changes for most important object types, Salesforce API, along with backup and recovery notifications — straight from a single customizable Spanning dashboard. 

DISCLAIMER: This publication has been prepared by Spanning Backup to provide information of interest to our readers regarding the California Consumer Privacy Act. It is not intended to provide legal advice for a specific situation or to create an attorney-client relationship. Spanning Backup does not provide legal advice. 

Learn More About Spanning Backup for Salesforce

Source link

The post #cybersecurity | #hackerspace |<p> CCPA: Salesforce Administrators Must Rethink Backup <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | Protection against Magecart with new Instart Web Skimming Protection for Salesforce Commerce Cloud

Source: National Cyber Security – Produced By Gregory Evans Salesforce Commerce Cloud, also known as Demandware, is used by some of the worlds largest brands for marketing, customer interaction, and to process online shopping transactions. Given the importance of the platform, and the sensitivity of the data it handles, it is a popular target for […] View full post on

Salesforce Bulks Up Cybersecurity


Source: National Cyber Security – Produced By Gregory Evans

Salesforce is making a move to bolster its cybersecurity offerings with a new hire. Reuters reported on Monday (June 13) that Salesforce is bringing well-known computer hacking expert Trey Ford on board as the company’s head of trust. He will be responsible for running Heroku, Salesforce’s cloud-based platform for creating and deploying software applications. The […]

The post Salesforce Bulks Up Cybersecurity appeared first on National Cyber Security.

View full post on National Cyber Security