Most people only realised the true gravity of data privacy when Facebook paid a mind-boggling $5 billion penalty for non-compliance with data privacy laws.
Data privacy is critical, and particularly so in a digital world. People have been locking up their personal data and documents in their office cabinets and bank lockers for decades. But as more data migrates to the cloud, data privacy is top-of-mind for both owners of the data and regulators.
The reason?
A data breach is a stubborn stain on the company’s image that doesn’t wash off easily. A data breach doesn’t just put the company in a tough spot, it also impacts the company’s clients. After all, a lot of the company’s data is client data.
Educating the stakeholders about data privacy and regulations around it helps companies that have any degree of digital exposure. So, let’s talk about data privacy and data privacy laws.
Why are data privacy laws important?
The law has been slow in catching up with tech on several fronts. And data privacy is no different. When the law does manage to get up to speed, there’s usually a tornado of regulatory debates and rebuttal.
The world is witnessing a flurry of changes in the way technology is deployed in everyday life, as well as laws surrounding it.
Lawmakers are quickly realising the urgent need to protect personal data, whether that's because of political campaigns have unethically used personal data to manipulate election results, or businesses unethically capitalising on personal data.
This article talks about what data privacy laws are and why they’re so important for the world right now. But first, let’s get more clarity on what data privacy is.
What is data privacy?
Data privacy refers to the privacy of information, personal or otherwise, that’s accessible to the government or private actors. The thing is the word information here can include several things based on the context it’s used in.
For instance, say it’s in relation to a person’s personal data. They have a Facebook account, which means Facebook has a ton of information about the person, sometimes down to the type of clothing they prefer.
Now, the person may be okay sharing their name with a stranger. But what about other nuggets of personal information like date of birth, and yes, clothing preferences?
Ideally, Facebook wouldn’t share any of this information with any entity. But if it chooses to, can it? Not unless data privacy laws allow it to.
And this is where data privacy laws enter the scene.
The current data privacy laws
Personal data is protected in the EU by the EU General Data Protection Regulation (GDPR). GDPR lays down strict rules on the collection, processing and storage of personal information. Businesses that collect personal data must ensure it is accurate, kept up to date and deleted as soon as the company has no need for it. There are even stricter rules if the data is considered to be of a 'sensitive nature' (for example, if it relates to ethnic origin, beliefs or health amongst other categories).
Conversely, there’s no overarching data privacy law in the U.S. However, there is a group of laws that govern data privacy in their own sphere.
The Constitution protects Americans, to a certain degree, against unauthorised intrusions from the government but the Constitution lacks a general right of data privacy. The data privacy laws guide on Osano’s website is an excellent resource for those who want to gain a deeper understanding of the current data privacy laws in the U.S.
If your business operates in both the UK or EU, you will already be obliged to abide by the GDPR but you should make sure that you check what rules, regulations you might have to comply with if you do business in the US.
Winds of change
The inconsistent state of data privacy laws in an increasingly global online world is making lawmakers nervous. Many businesses are reassessing how they handle data. For instance, Zoom came under the regulator’s radar last year for having insufficient levels of encryption, prompting the company into revamping its entire security.
Political and corporate anxiety is often a healthy mix. Many US citizens are speculating that the US adopt regulations along similar lines to GDPR. And this isn't a flight of fancy. President Biden was involved in the Consumer Privacy Bill of Rights under the Obama administration.
Kamala Harris is also a known advocate of data protection. She had introduced the California Online Privacy Protection Act (CalOPPA) back when she was California’s Attorney General. Though now the state has the more popular California Consumer Privacy Act (CCPA).
New legislation spells good news for individuals as well as corporations, but it does mean that businesses will have to allocate suitable resources to ensure compliance. That said, data protection is no longer a nice-to-have; it's a must-have.
Why data privacy laws are important
Organisations are vulnerable to various data privacy risks when they store personal data. Any data that relates to an identifiable person should be handled with care. GDPR regulates all types of data from financial information to the employees’ contact information.
If a cybercriminal gets its hands-on personal data, it can have dire consequences. From identity theft to multi-billion-dollar scams, there’s no limit on how a person with malicious intentions can exploit personal data.
Worse yet, data breaches at the government level can put the security of an entire nation at stake.
Data Protection laws outline the principles that businesses and governments must adhere to, so they don’t jeopardise the integrity of the data they have stored.
The principles ensure that the use of data is strictly limited. Data protection laws also outline the duration for which the entities may store the data, and how the data must be protected for that duration.
Where necessary, data privacy laws can also restrict the transmission of data outside of a certain region.
As the world continues to switch to a largely online lifestyle, the volume of online data will grow exponentially. This means there will be more data to protect. But an even bigger challenge is that the speed at which the world is generating data is growing exponentially as well.
Will data privacy laws succeed?
Practically speaking, it's a mammoth task for any government (or any regulatory body) to monitor and curtail improper use of Personally Identifiable Information (PII), which is fundamental to the concept of data privacy.
Why?
Well, there are countless organisations (a few massive ones at that) with a business model that relies on the collection of personal information for the purpose of selling it to advertisers. That's not so say these companies are stealing PII, though there are a few exceptions.
People are willingly handing information to these companies, knowingly or unknowingly. People hand over their data in exchange for using a company's services for free. In many cases, people are quite happy with this exchange, which means there’s no massive pressure on regulators from the public.
However, there are very real threats from a lack of data privacy (and laws thereof). Cyber criminals are selling all kinds of personal data online from credit card numbers to voting preferences. And that must stop.
Laws need to be drafted and implemented so that all jurisdictions offer a degree of data protection. It’s not an easy task, but doing noting it isn’t an option.
Over the next decade, organisations that process data can expect to see regulatory changes the likes of which they have never seen before.
The future of data privacy
There’s an enormous shift happening in the way personal information is processed and regulated. Navigating the changes while still capitalising on data’s potential remains one of the most pressing questions for organisations today.
The world is about to witness a tsunami of regulatory changes in the data privacy space. This will require every party, including the government, to adapt to technologies they have never used before.
Keeping up to speed about regulatory reforms is key for those who work in relevant organisational roles to help the organisation successfully navigate changes.
Professionals can join organisations like the International Association of Privacy Professionals to ensure they’re always in the know of what’s new. Having privacy experts in the network is another asset that can help professionals stay up to date.
Copyright 2021. Article made possible by SKALE.