IT trends to watch: data privacy laws
Data privacy laws are legal frameworks that aim to protect the personal data of consumers.
Data privacy laws generally give consumers the right to know what personal information a business collects about them, why it is collected, and how it will be handled, and the right to decide who may access that information.
Examples include the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA), and the EU General Data Protection Regulation (GDPR). The Payment Card Industry Data Security Standard (PCI DSS) is often grouped with them, although it is a contractual industry standard imposed by the card brands rather than a law.
Data privacy is often confused with data security. Privacy concerns what personal data may be collected and how it may be used; security concerns protecting data and the systems that hold it from unauthorized access, whether by attackers or by insiders. A system can be secure and still violate privacy law if it collects or uses data it has no lawful basis for.
Research firm Gartner predicts that modern privacy laws will cover the personal information of 75% of the world’s population by the end of 2023.
Compliance with data privacy laws
Companies must comply with regulatory data privacy requirements or face often significant fines. A violation of the GDPR, for example, can cost a business up to 20 million euros (over 22 million US dollars) or 4% of its worldwide annual turnover, whichever is higher. Penalties for HIPAA violations can exceed $6 million.
To ensure compliance, organizations must align their information governance, processes, technologies, and people with data privacy requirements. According to Enza Iannopollo, senior analyst at Forrester Research, the best way to start is to follow three general steps:
- Understand where data resides in your organization and what you are trying to protect;
- Map and analyze relevant regulatory requirements; and
- Translate legal constructs into controls, policies, behaviors, contracts, opinions and a shared culture.
When did data privacy become a priority?
Europe was ahead of the United States when it came to protecting personal data. Sweden passed the first national privacy law in 1973, followed by Germany in 1978 and the UK in 1998. Recent years have seen significant growth in data privacy laws, spurred by the GDPR becoming applicable in 2018.
More recently, India, China, Canada, Japan, Brazil and South Korea have adopted or are in the process of adopting data privacy regulations. The United States has seen data privacy gain traction in several states, including California and Virginia, and experts expect federal law to emerge.
Why are people paying attention to data privacy now?
As the COVID-19 pandemic prompted companies to overhaul their business processes, many workloads moved to the cloud, making data and applications accessible to remote workers and third parties. This increased accessibility, while very beneficial, widened the set of people and systems that can reach personal data and so created more risk for data privacy. As a result, many organizations and regulators have become more concerned about the protection of privacy.
In the United States, sector-specific federal laws such as HIPAA and state laws such as the CCPA are already in effect, and several other states are working on laws of their own. Congress has discussed creating a federal privacy law as well as a new federal privacy office.
Who benefits from data privacy?
Data privacy laws, in addition to giving consumers peace of mind, can benefit businesses that meet compliance requirements. When a business demonstrates compliance, consumers and third parties can see that their data is respected and protected, which makes them more likely to keep doing business with it.
What technology can help with regulatory compliance?
Under certain data privacy laws, companies may be required to give customers access to their personal data, or to delete it, at the customer's request. Fulfilling such requests is complicated: it requires not only an understanding of which privacy laws apply, but also an accurate inventory of exactly where customer data resides, including copies in backups, logs, analytics stores and third-party processors.
Vendors have developed a class of technologies to help meet these challenges. Sometimes referred to as privacy management software or data privacy platforms, these products often include features such as cookie consent management, data subject rights request handling, management of privacy policies and notices, and compliance checks.
Vendors include Privitar, Anonos, Immuta, BigID, OneTrust, D-ID, Duality, Truata, TrustArc, Wirewheel, ZLTech, and Ethyca.