How new laws change the data game for businesses across North America
As the debate surrounding privacy increases, new laws in North America and around the world could change the information protection paradigm.
In 2020 alone, more than 10 US states passed laws mandating increased levels of administrative control over the personal information of their residents. Industry experts like Gartner predict a huge leap in privacy regulations over the next three years – from 10% of the world covered by some type of legislation in 2020 to 65% in 2023.
Even China is working on an overarching data protection law that could improve consumer protections and reshape the prospects for global standards, much like the European Union’s General Data Protection Regulation (GDPR) laid a new foundation when it became enforceable in 2018.
The goal of many of these laws is to set comprehensive privacy and security expectations. In North America, immediately changing privacy policies will not be easy for the thousands of businesses and millions of consumers that will be impacted, especially since California and New York, with a combined population of 48 million people, are two of the states passing such laws.
But if the introduction of GDPR is any indication, such changes will eventually be codified. A rising tide will raise all boats: even a small business in one part of the United States will want to conform to new rules so it can reach customers in other states and countries.
In addition, compliance with data protection regulations is becoming more and more of a must from a financial point of view. Global retailer H&M was recently fined $41 million after a service center in Germany accidentally compromised the private information of just a few hundred employees at stores around the world.
That’s why taking action now to better protect your organization’s data is critical to both short- and long-term success. This year, understanding privacy regulations can help you comply with the new laws. Next year, this work will help you meet the expectations of customers who want a new level of information protection.
So what can your organization do to meet the new need for enhanced data protection?
With so many states with large populations and dynamic economies enacting new regulations, the rising tide of privacy could spread nationwide. That would help the United States catch up with Canada, which passed the Personal Information Protection and Electronic Documents Act (PIPEDA) way back in the late 1990s, and the European Union, which raised the global bar on privacy with its General Data Protection Regulation (GDPR) in 2018.
Although California’s Privacy Rights Act of 2020 and New York’s Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, are different, both share fundamental similarities. These include properly defining personal data, requiring that information be protected, empowering consumers to take control of their data, and requiring businesses to notify consumers of data breaches. Once you understand these requirements, you can drive your privacy improvements as needed.
Depending on the location, industry and corporate culture, the first steps can be different. You might want to work with a trusted IT partner to coordinate a data security program and identify potential data risks. Perhaps you want to train and manage employees on cybersecurity best practices. You may need to proactively detect, prevent, and respond to attacks, intrusions, and system failures. Every business wants to do things differently, and a trusted IT partner like CMIT Solutions can help you take the right first step.
Many of the biggest data breaches and cybersecurity hacks occur when data is stored poorly — yes, sometimes it can be that simple. This is why it is so important to have robust data backup, transfer and disposal policies. This includes what types of backup devices your data is stored on, how strong the end-to-end encryption is that protects it, and how thoroughly old servers, networks, and machines are wiped when they are out of service. CMIT Solutions can help you assess data storage risks, protect against unauthorized access, and fix small problems before they become big problems that could cost your business money.
This year alone, additional data protection regulations have been enacted in Nevada, Maine, Massachusetts, New Jersey, Maryland, Oregon, Texas and Washington. If your company is located in one of these states or does business with other companies in one of these states, you may need to take steps to comply with the regulations.
Interested in learning more about state privacy laws and the international potential for more legislation? Do you want to stop data breaches before they happen – and avoid costly penalties that can impact your company’s bottom line? Contact CMIT Solutions today.
We work with organizations across North America to protect critical business data, defend system networks and devices, and educate employees on emerging cybersecurity regulations. We take data protection laws seriously and are committed to helping our customers meet compliance requirements – before it’s too late.