Considering the amount of personal information being shared all over the Internet on a daily basis, it comes as no surprise that Data Privacy Laws are becoming the fastest growing and most interesting part of law these days. As people share sensitive, personal information every minute of every day, the concerns about the nature of use of that information by businesses and services grow exponentially, causing a need for updates and changes to existing privacy laws both in the US and abroad.
Privacy laws used to be stricter for industries such as finance and health, but today all businesses face data protection regulations, and should take the steps necessary to be compliant with current, as well as future requirements. Moreover, businesses could face huge fines if they don’t protect the privacy of people whose information they’re collecting.
It is a known fact that businesses collect an immense amount of data on anyone that visits and uses their websites. That data can include names, addresses, phone numbers, social security numbers, data about physical appearance, information on education, work history, salary, tax ID, medical data, location data, as well as call history, messages, and much more. The problem with this is that businesses don’t stop at just collecting the data, but often fail to protect what’s collected, and sometimes even abuse the sensitive information gathered over the years. For example, a lot of businesses sell users’ data to third parties.
Regulating misuse of personal information, protecting consumers, and imposing fines is at the core of Data Privacy Laws, the most famous being the EU’s GDPR. The GDPR gives people the right to be informed about the type of data that’s being collected about them, how it’s being used by businesses, how long it’s going to be stored, where it’s going to be shared, and more. It also gives people the right to request and access the personal data that’s being collected, the right to request deletion of the data, the right to limit how the data is used, the right to object to certain uses of data, and the right to be informed about automated decisions that affect them.
In the US, the crucial Data Privacy Laws that businesses have to be aware of are:
- HIPAA (Health Insurance Portability and Accountability Act), which safeguards patients’ personal health information.
- GLBA (Gramm-Leach-Bliley Act), which safeguards consumers’ financial data.
- CCPA (California Consumer Privacy Act), which comes into effect on January 1, 2020, and gives people the right to control how companies collect and use their personal data.
Here in Ohio, most business owners should be familiar with the Ohio Data Protection Act. The law was passed August 3, 2018 as a means of protecting both businesses and consumers from data breaches. While participation is voluntary for businesses, the law incentivizes business owners to create and maintain a cyber security program. This program should do the following:
- guard against identity theft by preventing unauthorized information access
- anticipate and plan for any threats to security
- maintain the confidentiality of personal information
- outline technical, administrative and physical safeguards that meet or exceed cyber security expectations recognized by the industry
Put in simple terms, these privacy laws make sure that companies can’t just collect people’s personal information for the sake of collecting it. They have to have a specific, lawful purpose for gathering and processing data. Moreover, they provide a framework for protecting companies and their customers from outside security threats.
If you are interested in better aligning your business with the requirements of evolving data privacy laws, take the first step today with a call that will transform the security of your business.
Prepare for the unexpected and protect your sensitive data. Contact us to get started.