Privacy laws are changing how businesses are, well, doing business. Find out how a few major privacy laws are affecting companies worldwide.
On May 25, 2018, the General Data Protection Regulation (GDPR) took effect, and consumers worldwide have already felt its impact.
If you're in America and you've noticed emails about privacy updates from your favorite apps filling up your inbox this month and last, that's because of the GDPR, which requires companies that collect personal data to provide privacy notices written in clear and plain language, free of fine-print legalese. Companies like eBay and Spotify now sport all-new, updated policies that even include the option to have the personal data they've collected deleted (the GDPR's "right to erasure"), one of the regulation's many mandates.
But those are just a few of the GDPR's many requirements, and the GDPR itself is only one of many data privacy laws in effect around the world. Do wide-reaching privacy laws like the GDPR also affect your business, your customers, and your employees?
If your business collects or processes the personal data of people in the European Union, then yes, you are affected by the GDPR, even if you operate in the United States or any other country. Note that the trigger is where the individuals are, not their citizenship: a company with no EU presence is covered as soon as it offers goods or services to people in the EU or monitors their behavior there. So long as you handle EU personal data, you must comply with the GDPR's requirements no matter the size of your business.
That means the new privacy laws don't only apply to large corporations; small businesses need to evaluate the data they collect and work to protect it as well, preferably through encryption that renders sensitive data unreadable in the event of a data breach. The GDPR names encryption explicitly as an appropriate security measure, and a breach of data that was properly encrypted may not have to be reported to the affected individuals. That exemption only holds if the encryption keys were not compromised along with the data, so key storage and access control matter as much as the encryption itself. So, even if you're a small business that has EU customers and collects their personal data, you must protect that information.
Several other important laws affect businesses by requiring the protection of consumer, employee, or patient privacy. The Health Insurance Portability and Accountability Act (HIPAA) requires hospitals, health plans, and other covered entities, along with the business associates that handle data on their behalf, to safeguard Protected Health Information (PHI): medical records, names, phone numbers, billing information, Social Security numbers, insurance information, or anything else that can identify a patient.
Financial institutions, and any company significantly engaged in financial activities, must follow the Gramm-Leach-Bliley Act (GLBA), which seeks to protect customers' account data, names and addresses, Social Security numbers, credit card numbers, and other sensitive financial information. Companies that fall under the GLBA's purview must also maintain written policies that outline how consumer records are accessed, controlled, stored, and deleted.
And then there's the Children's Online Privacy Protection Act (COPPA), which applies to websites and online services directed at children under the age of 13, or that knowingly collect data from them. COPPA emphasizes parental consent and control over children's data, which must be protected if it's collected, whether it's a name, physical home address, email address, online handle, phone or Social Security number, persistent identifier such as a tracking cookie, or a photo or audio recording of a child's voice.
If you know where you store your data, evaluate how much of that data is worth keeping, and work to protect what's left, your business will have no problem navigating a world where data privacy and protection is not only valued but required by laws like the GDPR, GLBA, HIPAA, and COPPA. Addressing data protection can be difficult, and with countless security products on the market it is challenging to select technology that suits both the organization's needs and the different compliance requirements around the world. A step in the right direction for any business is to adopt an encryption-based solution that protects sensitive data at every stage of its lifecycle: at rest, in transit, and when it is finally deleted.