Article
Data privacy legislation tightens across the globe
Aug. 20, 2018
With GDPR enforcement underway, eyes across the world turn to developments in data privacy legislation in the U.S. and India.
Since enforcement of the European Union’s (EU) General Data Protection Regulation (GDPR) began on May 25, 2018, a flurry of activity in the data privacy realm has rippled across the globe. As the new gold standard in data privacy, the GDPR is not only the most stringent data privacy policy to date, it imposes the heaviest penalties for non-compliance. In the U.S. and in other countries, governments are borrowing concepts of the GDPR as they strive to protect their citizens and empower them to have better control of their personal data.
What this means for organizations
Organizations should take steps now to ensure they have proper access to privacy expertise in order to better understand how these developing regulations will affect their decisions, operations, processes/policies and compliance efforts.
California Data Protection Act
In June, the California state legislature signed the California Consumer Privacy Act of 2018, effective in 2020. The bill passed unanimously, reflecting widespread concern over data privacy. Like the GDPR, the California bill is a landmark policy in the data protection field, and while it may not be as comprehensive as the GDPR, it shares many similarities. Included policies in the California act enable consumers (referred to as data subjects) as follows:
- the right to know what private information is collected
- the right to tell companies to delete their personal data
- the right to tell companies to neither sell nor share it
As with other new data laws, breaches will incur serious fines with the potential to cost organizations millions.
U.S. data privacy policies on the horizon
A document by Senator Mark Warner, also recently in the news, provides options for Congress to meet U.S. data privacy objectives. Suggestions include many GDPR-like requirements, such as a 72-hour breach notification window and increased data subject rights. It also includes recommendations, such as: