There will always be tension when it comes to the trade-off between people’s privacy and their personal data online.
- When we offer up data (personal information, payment information, etc.), what guarantees does the business provide regarding data security and storage?
- As we leave a digital footprint online, what data are organizations allowed to track, and how are they allowed to use it?
These questions require significant debate. As a society, we will have to learn and adapt to the world new technologies are creating around us.
One thing is for sure; we are only moving in one direction. People going about their daily routine now generate vast amounts of data that is being exchanged, stored, analyzed, and often used for commercial purposes.
The rapid rise of the global information economy and organizations deriving value from the personal data they collect places a considerable spotlight on both data privacy (how information is collected and who gets access) and security (how information is kept safe).
Data Privacy Laws Are Changing Quickly
Companies navigating this space and making decisions regarding data privacy also have to contend with a dynamic legal landscape. Data privacy laws are changing quickly and vary from country to country, even within different regions of the same country.
At the end of last year, Québec announced an updated privacy law similar to the existing General Data Protection Regulation (GDPR) in Europe. As a result, companies collecting data in Canada’s second-most populous province will soon have to appoint privacy officers and undergo privacy impact assessments when transferring personal information outside of Québec.
Québec is one of the only Canadian provinces with a stand-alone privacy law governing the private sector. And the new bill is going to have a significant impact, complicating data flows for companies operating in the region. Most of the new law’s provisions come into effect next year (September 2023), and businesses failing to act will face hefty regulatory penalties and litigation.
A major ongoing issue that businesses in the US and EU are currently keeping a close eye on is the new data transfer agreement between the two regions. The two sides have been negotiating a replacement for the defunct EU-US Privacy Shield. Given their fundamental clash of attitudes regarding privacy (the US favoring surveillance vs. the EU’s emphasis on privacy rights), it is no easy task.
This is just the tip of the iceberg. This year we’re seeing a range of new privacy laws and regulations in China and Thailand, amendments to laws in Singapore and Japan, developments across different states in the US, and reforms in Vietnam, Australia, and other countries.
The consequences of falling foul of privacy laws can be severe. For example, on March 15th, we saw Facebook (or Meta) fined $19 million for failing to prevent data breaches in 2018 and violating the EU’s privacy rules.
Keeping Up and Planning for the Future
- Comprehensively review all the data you collect in terms of data type (personally identifiable, financial, medical, etc.), where and when it is collected, how it is stored, who gets access, and whether it is disposed of.
- Review security measures and check for vulnerabilities in where data is stored, backed up, and disposed of.
- Where are your products/services directly marketed in the world, and are there any cross-border data transfer issues?
- Understand the compliance requirements of your data handling and use.
- Communicate the new policy both internally to your team and externally to your customers.
Supporting and Enforcing Data Privacy
If all this seems like a lot to handle, don’t worry. There are tools out there to help implement data privacy policies and frameworks. They give you the controls needed to stay on top of customer data and the flexibility to adapt to future legal requirements.
You can even automate the entire privacy compliance process, including:
- Data collection and classification
- Risk management
- Data protection
- Compliance checks
- Breach and incident management and reporting
With technology on your side, you can simplify data – gaining complete visibility over data privacy processes while also reducing costs and ensuring compliance.
With Great Data Comes Great Responsibility