Last month, I talked about Trends in Data Protection Policies (add link to past blog) and how recent policy changes in the data protection laws in Europe have started a trend among policy makers to improve data security and user privacy in their own countries. The real question is, Will the United States follow the example of the European Union and the United Kingdom?

2019 Data Protection Legislation Trends

Yes, over 36 states now have legislative initiatives designed to improve data protection and privacy for users. As a matter of fact, the state of California has led the pack with its California Consumer Privacy Act (CCPA) that takes effect in January 2020. Taking key points of the EU’s General Data Protection Regulation (GDPR), Californians would soon be able to control the type and amount of information corporations are collecting from them because the CCPA requires companies offering services online to provide their users and customers with information about the data they are collecting. Like the GDPRA, the CCPA is able to provide better user protection and data security because the law protects users from any undisclosed collection and use of their personal information and user data. To date, there is no law that allows private citizens to initiate data breach litigation, until the CCPA comes into effect in 2019.

Data Breach Legislation

Let’s face it, many online services ask us to provide them with our personal information. We often give our name, email, and mobile phone numbers to register for a wide range of online services including social media, online shopping services, and online subscriptions. How much of the information we disclose is kept private and during the course of using online services, how much more information is being collected from users and what do companies do with the data collected from their users?
By the end of last year, all the 50 states including the District of Colombia, Guam, the Virgin Islands, and Puerto Rico now have data breach notification laws. In the state of Vermont, lawmakers even added provisions for data brokering and disclosure requirements to its breach notification legislation to protect its residents from any form of misuse of their personal data. Last year’s backlash against large tech companies has put data privacy in the spotlight among lawmakers. Facebook’s involvement in last year’s Cambridge Analytica scandal changed the tone of lawmakers on data privacy and it signaled the changing tide of data privacy and data security legislations around the world.

How does this impact you?

The data privacy landscape is changing. Websites are now required to comply with more privacy and security for personal data they collect from their users. While the GDPR has already taken effect all over Europe, its U.S. counterpart, the CCPA, is set to change the playing field for data privacy in the United States.
Keeping things private – the CCPA will impose stiff penalties for the misuse and dissemination of private information collected from users. Companies like Facebook, Google, and Amazon who routinely collect, process, and store data from millions of users, now have to comply with strict regulations and data collection guidelines.
Consumer-Focused Laws – new laws like the CCPA would force companies to disclose the type as well as the amount of data they collect from users. More importantly, users would now have a say on the type and amount of data collected from them by companies through their user agreements.
Coverage for Internet of Things – yes, the CCPA includes provisions for appliances and other devices that collect user data such as smartwatches, smart trackers, and other IoT devices. The new CCPA requires manufacturers to provide their devices with reasonable security features that protect IoT devices from unauthorized access, data collection breaches, and hacking.
Legislative Trends – with the success of GDPR and the passing of the CCPA, other states are likely to follow suit and pass their own Data Privacy and Information Security laws to protect their residents. Hopefully, universal data privacy and security standards could be adopted for all users around the world in the near future.
Data Privacy as a Right – with greater awareness of the importance of data privacy and data security for users after last year’s Cambridge Analytica scandal. The future of data privacy and data security laws would focus on making online privacy a right of every American.
Want to know more about how data privacy and data security legislation impacts your company’s website and online presence. Find out more about data privacy laws and data breach laws in your state. Find out what it takes to make your website compliant to new regulations.