Keeping up-to-date on consumer data privacy and security legislation
For tech pros and companies, ensuring consumer data privacy and security is more than just another box to check on the business to-do list. It’s a top priority because the consequences of neglecting this ever-changing discipline can, quite literally, be the end of your business. The cost of a single breach can be enough to make it impossible to recover.
If the challenges of keeping up with the rapid pace of change on the technical side of consumer data privacy and security weren’t enough, the confusing and contentious legislative landscape across the U.S. has made things even more complex for tech businesses.
Though it is unlikely that comprehensive legislation will pass before the presidential election or even prior to 2021, TechPoint, our membership and other tech policy-concerned organizations are taking this time to learn about the nuances of proposed legislation and its near- and long-term implications.
Earlier this year, TechPoint President and CEO Mike Langellier and I participated in the annual Technology Councils of North America Conference in Washington, D.C.—the “TECNA Fly-in.” This pre-pandemic event was packed with meetings, connecting with peer organizations and engaging with experts focused on the intersection of tech and public policy. The trending tech legislative topics discussed included the deployment of 5G technology, cybersecurity, IoT and the continued rise of the gig economy. One of the most intriguing and debated topics focused on the changing regulatory and legislative efforts around information and data privacy.
The discussion surrounding information and data privacy is transpiring in legislative and regulatory bodies throughout the world. The Brookings Institute indicates that this debate is not new and points to initial federal legislative efforts to address information and data privacy in the 1970s. Over the last several decades the federal government has taken legislative and regulatory action to address information and data privacy. Some of these efforts focused on credit reporting, health data as well as a patchwork of additional actions.
With the information and data universe growing at an exponential pace, the debate surrounding these issues has reignited. In 2018, the General Data Protection Regulation (GDPR) took effect in the European Union and has helped shape a modern global debate around information and data privacy. According to the Brookings Institute, the GDPR focused on imposing new measures and limitations on business and also created new privacy rights for EU residents’ personal information.
In the United States, the California Consumer Privacy Act (CCPA) became California law in 2020. The CCPA extends additional data privacy rights to California residents and applies to businesses that operate in the state, while excluding some based on revenue and size. The GDPR and CCPA affect how individual information and data are collected and processed, and they create new compliance structures for organizations.
The actions of Europe and California could help inform how the federal government and other legislative bodies approach information and data privacy in the modern age. The Congressional Research Service states that as of April 3rd, federal legislators have introduced four privacy bills and circulated discussion drafts of two with additional proposals that seek to provide a comprehensive solution. Although areas of agreement exist between the proposals, the points of disagreement center on private right of action and preemption of state law.
Finding a solution will require additional negotiation as well as industry and consumer input. Much like the national debate over Internet sales tax, regardless of your position on the issue itself, we can all agree that both consumers and businesses deserve one set of rules concerning data privacy and security. Having different levels of protection and regulation depending on the zip code is simply not workable, nor is it a sustainable regulatory system. At the very least, it’s unfair to small businesses that have too great a burden to comply with inconsistent laws from state to state.
The Covid-19 pandemic creates an additional layer of debate as governments and organizations utilize health data and tracing methods to aid in the fight against Covid-19. As Indiana’s tech ecosystem continues to grow and mature, it’s important that small, medium and large enterprises alike are informed and engaged in possible changes to information and data privacy regulations.