When we think about cybersecurity today, the first thing that comes to mind for many of us is privacy. So far, setting the national agenda on the topic has been a tumultuous and inconsistent journey but as we’re witnessing more data breaches and more infringements on user privacy than ever before, the concept of trust and the need for data governance is pertinent now more than ever.
We’ve seen the US government make strides toward more regulated and responsible data usage, and we’ve seen other regions globally implement strategies to combat data misuse – for example, the EU’s implementation of GDPR which took place close to a year ago has been met with some praise. However, it seems that as a country – and as an ever-evolving group of consumers and technology advocates – the US has yet to determine who and how we will set the standard for the future of privacy.
What we have seen so far
Most recently, we have been drawn into the back-and-forth between businesses and legislators over what data usage and transparency among consumers will look like in the state of California, via the California Consumer Privacy Act. The Act, which was signed into law in June and will go into effect in 2020, essentially gives residents of California the right to know what data businesses collect about them, why those businesses collect that information, and allows the resident to request businesses delete any information about them. It also gives individuals the right to opt out of having their personal information shared or sold. This obviously poses a massive roadblock for organizations who use user data to determine business decisions, marketing value, and more in the world of data currency.
In fact, approximately 76 percent of IT leaders globally agree that “the organization that has the most data is going to win”, according to a recent report on the state of data from one of our clients, Splunk. Essentially, data is big money these days, which isn’t all too comforting to the consumer.
Role models in the world of policy
As we had mentioned previously, although the US is still experimenting with how we’re going to approach privacy legislation, the EU has been operating with GDPR in place for nearly a year now. Although we’ve already witnessed several tech giants bear the brunt of this new reality (Google was fined a whopping $57 million for its GDPR violations), we’ve also seen immense benefits and substantial praise for this new law.
Should the US consider implementing new legislation like GDPR? Possibly – its particularly worth considering if your organization deals with processing personal data for anyone in the EU, notes our client BitSight. But the US is taking steps to create its own policy roadmap, and we’ve seen states like Massachusetts, New Mexico, New York, Utah and Washington already begin to weigh in on their own versions of data protection legislation similar to the CCPA and GPPR.
What this all means
Essentially what we are getting at, is that the future of privacy and policy is still very much to be determined. Outlined below are a couple of articles we believe are worth reading, to catch you up on the latest regarding data policy – if you haven’t already been following a long. Take a look, let us know what you think, or better yet, weigh in on the conversation with your state representatives.
- The New York Times: We’re Not Going to Take It Anymore
- Wired: Tech Lobbyists Push to Defang California’s Landmark Privacy Law
- SiliconANGLE: A year on, EU’s GDPR hasn’t changed data governance practices much, studies find
- SC Magazine: Privacy legislation: E pluribus unum
Here at Highwire, we believe everyone has a voice and everyone has a story. It just so happens that as the story surrounding data legislation in the US and abroad continues to unfold, we have a unique opportunity to get involved in the conversation. Let us know what you think.