Not many people would be surprised to hear someone say that they feel even less secure online today as compared to five years ago. After all, there is round-the-clock media coverage of every big company that loses user data due to a breach, an internal mistake, etc.
As Mitchell Noordyke from the International Association of Privacy Professionals (IAPP) reports, “State-level momentum for comprehensive privacy bills is at an all-time high." One of the hot topics now is whether the United States, like the European Union, ought to develop and adopt a privacy framework for all its residents across the 50 states.
Amid the current political climate (with much division across partisan lines), even getting a national privacy framework kickstarted, one that wouldn’t be negated by the other party, seems like a long shot. However, the need is certainly intensifying, mostly due to the sheer complexity of adhering to each state’s regulatory requirements.
The reason firms and organizations care is simple: if they want to provide services or products to, or collect information from, users within a state, they must follow that state’s law. This is complicated because each state has carved out its own privacy law. Remember, too, that there are two core aspects to privacy regulations. One is concerned with the rights of the consumer, while the other focuses on organizational requirements, such as prohibiting discrimination, processing limitations, or age limits for opting into services.
The staff at IAPP put together a State Comprehensive Privacy Law Comparison. A quick look reveals a number of issues, such as:
The names of each of these privacy policies vary little. They include the Washington Privacy Act, the Rhode Island Consumer Privacy Protection Act, and the California Consumer Privacy Act. Yet they each offer a tailored version of privacy, some much better for the residents, while others afford the collector and processor more freedom to collect personal identifying information (PII).
Areas of concern for nationwide privacy regulation are wide-ranging, but they should definitely consider these benefits for the user:
National checks and balances for organizations would also need consideration, such as:
Currently, the US approach to protecting the personal data of its residents is less than watertight. Despite the existing national regulations governing the collection and handling of financial data or health data, we have seen a concerning number of successful attacks that have stolen innocent users’ personal information.
This increased frequency and scope of data breaches, in addition to the outlandish success that attackers seem to be having, underscores the need for a national data privacy law. It would simplify how businesses (those that want to act responsibly) implement their data processing based on these (future) national regulations. It would also mean that rather than spending time and money on logic to account for each state’s particular requirements, organizations could invest in the security infrastructure of their systems overall. Plus, users would have more transparency and a better understanding of their rights when it comes to online data collection. All these points have the potential to produce a win-win scenario, and as an added benefit, the US gets to learn about all the benefits and costs of the General Data Protection Regulation (GDPR), and perhaps even gets a chance to improve upon them.
We would like to thank Kevin Gorsline for providing insight and expertise that greatly assisted this research.
Kevin Gorsline is a Managing Director in J.S. Held's Global Investigations Practice who joined following J.S. Held's acquisition of TBG Security. For several years, Kevin served as the Chief Operating Officer and head of the Risk and Compliance practice at TBG Security, where he was responsible for providing the leadership, management, and vision necessary to ensure that the company had the proper operational controls, administrative and reporting procedures, and people systems in place to effectively grow the organization and to ensure financial strength and operating efficiency. His experience and leadership throughout his career have been focused on developing and delivering information security services and solutions, providing outstanding client service, and driving profitable revenue growth. Kevin brings established proficiency as an IT leader with extensive experience in risk and compliance services, applications development, and implementation projects both in the United States and abroad.
Kevin can be reached at [email protected] or +1 843 890 8596.