When legislators approach the issue of protecting sensitive personal data, two main considerations emerge. First, the steady pace of cyberattacks compromises both valuable intellectual property and millions of records that include personally identifiable information (PII). Second, consumers grow increasingly concerned about how companies use data collected about them. The EU’s General Data Protection Regulation (GDPR), which came into effect in May 2018, is the most prominent example of the global rise of regulatory frameworks focused on data security and protection, use, and privacy. In the United States, with the California Consumer Privacy Act (CCPA) becoming effective in January 2020 and other states continuing to introduce data privacy and protection legislation, businesses across the country will soon face a growing number of conflicting regulations.
An effective and meaningful approach toward data privacy requires a single comprehensive bill—avoiding a flurry of contradictory state laws—that addresses how we define and protect sensitive personal data and deidentified data, establishes minimum standards of protection and care, and outlines uniform rules governing data protection, security, breach notification, and regulatory oversight. Unitary regulations would ensure that citizens have equal protection wherever they reside or wherever their data is stored while avoiding a myriad of disparate rules and regulations that add complexity and undue costs.
ITSP Magazine NTSC Podcast Series: Episode 1 (Federal Data Privacy) (April 13, 2020)
Privacy Expert Jodi Daniels Publishes CCPA Amendment Summary and Field Guide (December 19, 2019)
Data Privacy for a New Decade: 2020 New Year's Resolutions for CISOs (December 16, 2019)
What Every CISO Should Know About Marketing Ad Tags (April 8, 2019)
5 Reasons Why Privacy Leaped Forward in 2018—and What It Means for 2019 (December 20, 2018)
CISOs Should Take a Nod from Article 38 (July 16, 2018)
Council on Foreign Relations Wants US Baseline Data Protection Law (February 7, 2018)
Why CISOs Should Care About Developments in the EU (April 18, 2017)
U.S. Businesses Need to Prepare Now to Align with EU Privacy Law (January 30, 2017)