Articles | C2 Fall 2022

Are we on the path to a National Data Privacy Law?
by Stan Wisseman, October 16, 2022

For years, US lawmakers have avoided making tough calls about what data privacy protections we should give consumers and how they should be enforced. That finally may be changing. Last week, the US House Energy and Commerce Committee greenlit a watershed privacy bill that strikes compromises on a series of major issues that have long vexed congressional negotiators. It marks the first time a federal consumer privacy bill has made it out of a US congressional committee, a historic feat. The move represents significant progress toward codifying consumer data protections federally in the US — something lawmakers have attempted for years to no avail.

The American Data Privacy and Protection Act (ADPPA), H.R. 8152, seeks to establish national standards for how tech companies and other businesses use consumers’ personally identifiable information (PII). The ADPPA would override many state privacy laws, which would reduce complexities for businesses. This is called “preemption”.

Perhaps the most distinctive feature of the committee-approved version of the ADPPA is that it focuses on what’s known as data minimization. Generally, companies would only be allowed to collect and make use of consumer data if it’s necessary for one of 17 permitted purposes spelled out in the bill—things like authenticating users, preventing fraud, and completing transactions. Everything else is simply prohibited.

Contrast this with the type of online privacy regime most people are familiar with, which is all based on consent: an endless stream of annoying privacy pop-ups that we almost always click “yes” on because it’s easier than going to the trouble of turning off cookies. That’s pretty much how the EU’s privacy law, the GDPR, has played out. I like the data minimization approach proposed in the ADPPA.
Research conducted by Acxiom last year shows 83% of consumers want a clear link between the data they share with organizations and the value they will receive from this exchange. Data trust cannot simply be claimed or assumed – it must be earned, and it requires brands to involve customers in a dialogue about what they are doing with their data and why. Collecting too much data can also be a liability for companies.

Even with bipartisan support and the potential to provide vast new protections for Americans, it’s not all clear skies ahead. Even if the bill passes in the House, there are hurdles to the bill’s success in the Senate. Also, some representing business and industry interests, like the trade group Association of National Advertisers, have already issued statements.

Some are also unhappy with ADPPA’s preemption of state data privacy statutes, such as California’s Consumer Privacy Rights Act. The ADPPA also apparently rolls back other protections, including rights to privacy that states have seen fit to enshrine in their state constitutions. Based on the text of the current bill, endangered state privacy rules include those for biometric information (apart from face recognition), genetic data, broadband privacy, and data brokers—or “third-party collecting entities” as the ADPPA refers to them.

I recommend tracking the progress of ADPPA’s journey through Congress. Before a House floor vote, there will be interest groups positioning their amendments/changes to the bill. I just hope that it’s not diminished further since, if passed, the ADPPA will impact the country’s privacy landscape for years to come.

But regardless of whether ADPPA passes during this legislative session, the bipartisan support behind it — combined with a wave of new state data privacy laws set to go into effect next year — indicates that the tides are shifting at a more fundamental, cultural level with respect to privacy in the US.

The CyberRes Voltage Data Privacy and Protection portfolio is well-positioned to support the technology needs of privacy programs that may need to comply with the ADPPA. You can also check out this new Privacy Hub from CyberRes to learn how data and identity can power privacy.

Articles | C2 Spring 2022 | GDPR

Why We Comply with Data Privacy Laws and Standards
by Thomas Gloerfeld, March 27, 2022

The answer is really simple, right? Governments pass laws that mandate certain rules be followed and infuse a punitive measure for those people or organizations not in compliance with the regulation in question.

Articles | C2 Spring 2022 | Data Solutions | Ransomware | Security

Continuous Data Protection: The new imperative
by Ziv Kedem, March 27, 2022

Recent world events have heightened concerns about data security. Stricter laws and increased risk of cyber attacks have forced businesses to prioritize data protection measures and implement them quickly.

Articles | C2 Fall 2021 | Data Solutions | GDPR | HPE NonStop Compliance | Security

GDPR 2021 – Compliance and Penalties; 3 Years Later
by Steve Tcherchian, September 21, 2021

The General Data Protection Regulation, or GDPR, is a major piece of legislation adopted in 2018. It is designed to address the protection and responsible use of every European Union citizen’s personal data. However, GDPR is not an EU-only regulation. It affects ANY business or individual handling the data …

Articles | C2 Summer 2021 | Data | Security

Three Years of GDPR – a Look Back
by Thomas Gloerfeld, June 15, 2021

It might be hard to imagine, but it has been three years since the General Data Protection Regulation (GDPR) was implemented in the European Union (EU) on 25 May 2018. Time certainly does fly by when you are trying to protect data. Nevertheless, the term ‘GDPR’ has set a …

C2 Summer 2020

Robust security strategy for your hybrid IT
by Thomas Gloerfeld, June 23, 2020

What Is Hybrid IT? At its most basic level, hybrid IT is a blend of cloud-based and on-premises IT services. When applications and data were all maintained on-premises (or in-house) standardization was a best practise and security was much simpler. Now that the business and IT are realising the …