Federal Data Privacy Laws Are Coming

Today’s business environment is littered with regulations regarding the protection of consumer data. Many are created to be industry specific such as HIPAA or PCI DSS. These make sense to have in place but because many businesses deal with multiple types of data, they must conform to many separate regulations. This quickly becomes confusing as all of them overlap to some degree, but each has distinct rules for safely handling data. This problem has become even more murky with the implementation of GDPR in the European Union. GDPR is the harshest data protection legislation so far, and has caused businesses massive headaches. Some companies simply started refusing to do business with anyone within the EU, so as to shield themselves from GDPR fines. Unfortunately for them, more data protection regulations are coming to the United States. The most recent development was the California Consumer Privacy Act in June last year. This law will be enacted in early 2020 and will give consumers more control over what data companies collect on them. People will be able to inquire to see what data is collected, who it is being shared with, as well as request it to be deleted. It seems unlikely that businesses will be able to cease doing business with the entire state of California, so they must adapt. However, what happens when the regulations across states begin to differ? If a law in California mandates one thing and a law in Arizona mandates another, you’ll have to follow the stricter of the two laws.

As a result we are seeing data protection laws beginning to be pushed to the federal level. Businesses are beginning to realize that this could in fact be a good thing. In fact, a blanket federal data protection regulation will actually make it much easier and cheaper to remain compliant. Some companies, including Apple and Cisco, are have voiced their support for the legislation because then they can have some consistency for their data protection efforts. The proposed federal data protection laws resemble GDPR and the California regulations. However, it is clear that the United States is very different from the European Union in terms of business culture. A GDPR-like regulation here would make it extremely difficult for businesses to operate without drastically changing their practices. This is highly unlikely to happen as big businesses have a heavy influence within Congress. A federal data privacy law would most likely resemble the California law, with some requirements stripped away. A strict law would be very expensive to enforce and therefore unlikely as cybersecurity is not this administration’s top priority. The federal regulation will most likely mandate that consumers can request information about their data and delete it if they choose. There will also likely be harsher punishments for data breaches because there have been so many high profile breaches in the news recently. What is unlikely to show up are the GDPR requirements of opting in to data collection because of the lobbying from tech companies. Companies will just have to be careful in what they do with data because they will have to be transparent about it later. This will require some extra planning so that they can track where data is and is not. In addition, it will become more important than ever to secure data properly so as to avoid unnecessary fines.

SecureCircle protects your data regardless of location including on-premise file servers, edge devices like phones and laptops, as well as public and private cloud storage. Over the past year, we’ve heard overwhelmingly positive feedback from compliance officers and auditors because as a byproduct of data protection that works everywhere, SecureCircle is also able to track files at all times. Protection and visibility for your company’s sensitive data. Visit our website to learn more about what we do.