As the debate around data privacy increases, new legislation in North America and around the world could change the paradigm of information protection.
In 2020 alone, more than 10 U.S. states passed laws requiring increased levels of administrative control over the personal data of their residents. Industry experts like Gartner project a major leap in data privacy regulations in the next three years—from 10% of the world covered by some form of legislation in 2020 to 65% in 2023.
Even China is working on an overarching data security law that could increase consumer protection and reconfigure the outlook for global standards, similar to how the European Union’s General Data Protection Regulation (GDPR) laid a new foundation when it became enforceable in 2018.
The goal with many of these laws is to deliver a comprehensive layer of data privacy and security expectations. In North America, it won’t be easy to immediately change data protection policies for the thousands of businesses and millions of consumers that stand to be impacted—especially since California and New York are two states passing legislation that affects their combined populations of 48 million people.
But if the rollout of GDPR is any indication, such changes will eventually become codified, a “rising tide lifts all boats” scenario in which even a small business in one part of the United States will want to abide by new rules so it can access customers in other states and countries.
In addition, adherence to data privacy regulations is becoming a must from a financial standpoint. Global retailer H&M was recently fined $41 million because a service center in Germany inadvertently compromised the private information of just a few hundred employees located in stores around the world.
That’s why taking the initiative now to better defend your company’s data is critical to both short- and long-term success. This year, understanding data privacy regulations can help you be in compliance with new laws. Next year, that work will meet the expectations of your customers as they come to anticipate a new level of information protection.
So what can your business do to meet the new need for enhanced data privacy protections?
1. Understand the broad requirements of your state, your province, or your area of business.
Because so many states with large populations and dynamic economies have passed new regulations, the rising tide of data privacy could spread nationwide. That would help the United States catch up to Canada, which passed the Personal Information Protection and Electronic Documents Act (PIPEDA) way back in the late 1990s, and the European Union, which raised the global bar for data privacy with its General Data Protection Regulation (GDPR) in 2018.
2. Decipher the specific tasks called for in new data privacy regulations.
Although California’s Privacy Rights Act of 2020 and New York’s Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, are different, they share core similarities. These include properly defining personal information, requiring protection of that information, empowering consumers to take control of their data, and compelling businesses to notify consumers of data breaches. Once you understand those needs, you can move forward as necessary with your data privacy enhancements.
3. Make a smart decision about which enhancements should come first.
Depending on location, industry, and company culture, the first steps could be different. Maybe you want to work with a trusted IT partner to coordinate a data security program and identify potential data risks. Maybe you want to train and manage employees in cybersecurity best practices. Maybe you need to proactively detect, prevent, and respond to attacks, intrusions, and system failures. Every business will want to proceed in a different way, and a reliable IT partner like CMIT Solutions can help you make the right first move.
4. Take data storage seriously.
Many of the biggest data breaches and cybersecurity hacks come when data is stored poorly—yes, sometimes it can be that simple. That’s why it’s so important to have robust policies in place for data backup, transit, and disposal. This includes what kinds of backup devices your data is stored on, how strong the end-to-end encryption protecting it is, and how thoroughly old servers, networks, and machines are wiped when they go out of service. CMIT Solutions can help you assess the risks of data storage, protect against unauthorized access, and solve small issues before they turn into major problems that could cost your business money.
This year alone, other data privacy regulations have gone into effect in Nevada, Maine, Massachusetts, New Jersey, Maryland, Oregon, Texas, and Washington. If your business is based in one of those states or does business with other companies in one of those states, you may need to take action to be in compliance.
Want to know more about state-by-state laws governing data privacy—and the international potential for more laws to come? Want to stop data breaches before they happen—and avoid costly penalties that can hit your company’s bottom line? Contact CMIT Solutions today.
We work with businesses across North America to safeguard important business data, defend system networks and devices, and train employees about new cybersecurity regulations. We take data privacy laws seriously and commit ourselves to helping our clients meet compliance requirements—before it’s too late.