New Wave of Data Compliance Laws (2/2)

Lisa Huang
iDox.ai
Feb 10, 2022

The Importance of Company Culture Around Data Compliance

Research has shown that IT teams put a different value on organizational data compared to the departments that own it. The perceived value of data has a direct impact on the safeguards companies put in place to protect it.

It’s important therefore that you establish consistent processes for determining accurate value. At the same time, it’s worth noting that the very definition of PII itself is growing and changing.

Most people would think it’s obvious, for example, that they should treat a Social Security number as being highly sensitive. Other data elements are not as clear-cut.

Let’s take the California Consumer Privacy Act (CCPA). Its definition of personal information is broad. It includes any data that someone might be able to associate with an individual. It does this without explicitly stating which data points we should consider as being personal.

How Can Enterprises Defend Themselves Against Lawsuits?

Regulatory bodies across the globe do not share a common understanding of PII. Companies should therefore establish their own definitions. These definitions should relate to the norms of the geographical regions that they operate in.

Organizations need to adhere to those definitions carefully and consistently, backed by the right levels of protection, monitoring, and training.

This acts as evidence that an organization has been proactive in addressing data privacy issues with policies and procedures. This can make a big difference in court compared with a company or enterprise that has nothing in place at all.

The Power of the Consumer

Consumers are changing the way they make key decisions about which organizations they want to do business with. They can base these on factors that go a lot further than quality and price.

Some prefer companies that reflect their own values around social or environmental issues, for example. Data privacy considerations are fast becoming a key consideration too.

At the same time, more and more businesses are realizing other benefits of data compliance. They recognize that it goes hand in hand with maintaining a good public presence and reputation.

The Growth and Spread of Data Protection Laws

Data privacy regulations are going to become more prevalent. They’re spreading state by state in the U.S. On top of that, they’re likely to be more far-reaching and be yet more punitive for anyone in violation of them.

At least a dozen states, including New York and Washington, are developing new regulations. Some requirements are likely to overlap with the big guns like the GDPR and CCPA. Others will not. That’s going to create even more compliance headaches for the organizations affected.

Nevada has already introduced its own data privacy rules. Its law is a little narrower compared to California’s.

It mainly expands on requirements that already existed. It also exempts businesses that already had to comply with the Health Insurance Portability and Accountability Act (HIPAA) or the financial industry’s Gramm-Leach-Bliley Act (GLBA).

Another privacy law, the California Privacy Rights Act (CPRA), now has approval from California voters. The plan is for it to take effect in early 2023. It will also take into account aspects of data privacy from the previous year.

It will expand and amend some of the requirements contained in the CCPA. That includes creating a new category of personal information. Sensitive Personal Information is the name for it. It will also establish a brand new privacy regulator known as the California Privacy Protection Agency.

Companies need to proactively address their treatment and handling of consumer data globally. If not, they’re asking for trouble in the future. Being well-prepared includes:

  • Understanding the location of sensitive data
  • Establishing the value of that data to the business
  • Putting policies in place to reflect organizational and regulatory priorities

You might be holding out hope for new federal laws that could effectively suck up aspects of all the different state rules. Even if there was federal legislation that could preempt the multiple state laws, it could take years to create. It would not be likely to happen in the foreseeable future.

A Greater Understanding of Data Compliance

Having processes in place to deal with the wave of new data compliance regulations makes business sense. Part of the solution lies in the very digital technology that has brought about the sea-change in data protection laws.

Using smart technology to scan your documents for PII is one concrete way to help ensure you and your business are data compliant. iDox.ai can do this for you and much, much more.

Adopt a Privacy Protection Solution

iDox.ai is an online document service for any person to redact PII in their PDF and MS Word files. With iDox.ai’s patented AI engine, PII such as person names, organization names, emails, addresses, and bank accounts can be automatically detected within a few seconds in a PDF or MS Word file.

Please visit the iDox.ai official website for more information, or get in touch with us now to find out why you should make iDox.ai your data compliance solution.
