There is an increasing focus on data privacy, both in the U.S. and worldwide. Why are there more data privacy laws – and how can your company or organization stay ahead of the changing regulatory landscape? Read on to find out.
Why Data Privacy is a Focus
Consumers are taking a renewed interest in the privacy of their personal information. Instead of blindly giving all manner of personal data to companies and websites to do with as they please, consumers are becoming more circumspect about what they provide and how it can be used.
A survey by McKinsey & Company reveals that consumers have a fairly low opinion of how trustworthy companies are with their personal data, with most industries earning trust levels below 20%. Even more telling, 71% of those surveyed say they’d stop doing business with a company that gave away their personal information without permission.
This growing concern about data privacy has led to a spate of legislation designed to protect consumers’ personal information, especially online. Companies of all types now need to comply with a variety of data privacy regulations – with more that are sure to come.
Key Data Privacy Laws
Data privacy laws vary by location and industry. Some laws apply to companies that do business in a certain country or state or with that country’s or state’s citizens. Other laws apply to businesses operating in a specific industry, such as accounting or healthcare. Here are some of the most visible such regulations in effect today.
CCPA
The California Consumer Protection Act, or CCPA, is designed to protect the privacy of California citizens. It applies to any company that does business with citizens of the state of California, even if that business is based elsewhere. Violating the terms of the CCPA can result in fines of $7,500 per record affected.
GDPR
The Global Data Protection Regulation, or GDPR, is designed to protect the privacy of citizens of all countries in the European Union. It applies to any company doing business in the EU, even if that business is based elsewhere. (Which is why any U.S. company doing business in Europe needs to comply.) Like the CCPA, it applies to a variety of personal data, including customers’ names, home addresses, phone numbers, and even IP addresses. Violating GDPR regulations can subject a company to fines of up to $20 million or 4% of its prior-year revenues.
HIPAA
The Health Insurance Portability and Accountability Act, or HIPAA, regulates the confidentiality and availability of patients’ medical records and other personal health information. It applies to healthcare providers and companies offering healthcare insurance plans.
FERPA
The Family Educational Rights and Privacy Act, or FERPA, regulates the privacy of student education records. It applies to schools and other educational institutions that receive funds from the U.S. Department of Education.
How to Comply with Data Privacy Laws
It’s important that your company or organization comply with all applicable data privacy laws. That applies even to regulations enacted in other states or countries, if you do business in those areas. There are several steps you can take to ensure full compliance, including:
- Identify all consumer data held by your company
- Establish clear data collection and privacy policies
- Secure all personal data against breach or attack
- Train all employees on data privacy and compliance
- Appoint a data privacy compliance officer
- Stay abreast of the latest data privacy regulations
How to Keep Up with New Data Privacy Laws
California isn’t the only state passing data privacy legislation. Because there is no similar federal legislation addressing consumer data privacy, this is an issue left to the individual states to regulate. To that end, Colorado, Utah, and Virginia have recently passed laws similar to California’s CCPA, with an additional 15 states actively pursuing similar legislation.
The move to regulate consumer data privacy isn’t just limited to the U.S. and the EU. Three-quarters of the world’s countries have either drafted or enacted some form of data privacy regulation, including Canada with its proposed Consumer Privacy Protection Act (CPPA).
How can your company or organization keep up with these new and evolving data privacy laws? A good first step is to appoint a compliance officer who is responsible not only for complying with current regulations but also for keeping abreast of applicable new legislation as it is passed. This individual should tap into all available resources monitoring privacy regulations, including the International Association of Privacy Professionals and the National Conference of State Legislatures, and adapt your organization’s policies to conform with newly enacted legislation.
Let Wickr Help Your Organization Focus on Data Privacy
Data privacy involves both stored customer data and data shared during your employees’ communications and remote collaborations. To ensure the security of this data, turn to Wickr’s secure communications and collaboration platform. Wickr employs robust end-to-end encryption and other military-grade security to ensure that text, voice, and video communications remain secure both at rest and in transit. It’s one of the best ways to ensure compliance with the evolving landscape of data privacy regulations.
Contact Wickr today to learn more about data privacy and security.