There is still no nationwide privacy policy in the U.S. That could change soon.
The U.S. has long lagged behind the European Union when it comes to data privacy laws. Unlike the EU, it’s up to individual states to decide whether citizens should hold sovereignty over their private information. Though some laws such as the Health Insurance Portability and Accountability Act protect personally identifiable information, most states have left the idea of data privacy up in the air and there is no real overarching legislation that affects the entire country.
But things are changing, likely due to the General Data Protection Regulation and the prominent data breaches that have occured this year. And it looks like the United States may have a federal data privacy policy in the works.
Soon after the GDPR came into full effect, California signed America’s toughest data privacy into law, with similar requirements as its European counterpart such as the right to know what type of data companies collect from consumers and the right to prevent the sale of that data. The bill will go into effect in 2020.
If there’s a drawback, California’s law doesn’t go as far as the GDPR. For example, there are no deadlines for breach notifications and there’s nothing about financial penalty for violations.
Enter the Trump administration, which recently announced it’s working on a “less aggressive” set of data privacy protections inspired by the GDPR. With large corporations like Facebook facing fallout from various data scandals, the timing couldn’t be better for the U.S. to join the rest of the world in taking data privacy seriously. Consumers are becoming more aware of how their data is handled, and are demanding better protections.
The exact details of the proposal are unknown. But the U.S. may be on to something, in a sense, when it comes to individual states deciding how to implement cybersecurity legislation. Just as states like California have the freedom to choose how to handle data privacy, enterprise companies also have the choice to protect their customer and employee information with cybersecurity best practices.
The best choice is to address regulations like the GDPR and California’s law entirely with a robust, high-quality encryption solution that keeps data safe and unreadable to all but authorized users. To find out how eperi can help your organization simplify its cybersecurity compliance, contact us today.
Recommended for You
