Data Privacy Regs are Coming, and the Number 50 is Worrisome - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Data Management
Commentary
4/29/2019
02:00 PM
Todd Wright, Global Lead for GDPR Solutions, SAS
Todd Wright, Global Lead for GDPR Solutions, SAS
Commentary
50%
50%

Data Privacy Regs are Coming, and the Number 50 is Worrisome

It's time for businesses to unite and back a single federal data privacy law. If not, we might end up with 50 different laws.

When news of the Facebook/Cambridge Analytica scandal broke last year, the ensuing shock waves shouldn’t have been that it happened, but that so few Americans were even aware such data violations actually do happen.

While identity theft and data loss have always been the primary security concerns for consumers and organizations, data privacy rarely got mentioned. This, of course, has changed, and Facebook was the perfect poster child to bring data privacy to light.

Considering its young billionaire founder, the politics of today, and that its billions of users post personal things on it daily; Facebook was ripe for mainstream attention when it came to data privacy. With Facebook’s high-profile congressional testimony behind us, and politicians and business leaders racing to voice their newfound concern for sound data privacy practices, the inevitable is coming: regulation.

Regulation is often a dreaded word for many business executives. It’s even something many have crafted entire careers fighting. But here’s a more radical approach: Stop resisting. 

Fight the good (regulation) fight

Business leaders should not only embrace data privacy regulations, they ought to actively push for a federal law covering all Americans. Before you dismiss this notion, consider the alternative: outright chaos that benefits no one.

In 2020, California is set to enact the most stringent data privacy law in America, known as the California Consumer Privacy Act (CCPA). The CCPA is robust — covering many of the concerns people have regarding data privacy. With provisions such as the right to know what type of data is being collected on them, and to whom their data is being sold, the CCPA has individuals cheering and businesses scrambling. But the breadth and depth of the California law shouldn’t be businesses’ main concern. The larger issue is the very real (and scary) possibility of all 50 states enacting their own versions of such a law. Now that should keep the C-suite up at night.

Driven by residents’ new-found understanding and concern of how their data is being handled, state leaders are reacting. Several states are currently moving forward or proposing new data privacy laws, with many other states sure to follow suit. Now this is at the state level, which has myriad resources and budgets to put forth such laws.

The majority of companies, to put it bluntly, simply don’t have the expertise or resources to effectively handle the data requirements involved in dealing with 50 different data privacy laws. Imagine 50 different laws with each potentially having different opt-in clauses, different rules on what is in fact personal data, and different rights regarding whether a person can request that their data be erased. The data governance, and people and processes alone are too overwhelming to even think about. It would be like a flight attendant asking passengers to select a meal from 50 different options, have him/her prepare each meal and then figure out which passenger should receive which meal. This is essentially what it would look like if each state enacts their own data privacy law. 

Multiple flavors of data privacy laws would not only slow the pace of business and innovation, but also would achieve chaos and zero results. A tragic loss across the board.

Putting privacy into users’ hands

There are two proposals currently making the rounds in the legislative branch: the Data Care Act and The Information Transparency and Personal Data Control Act. The Data Care Act covers a broad range of personal data from social security numbers to user passwords and would require user permission before information on them is sold. The Information Transparency and Personal Data Control Act centers mostly on opt-in consent and how information is being shared with third-parties. The impact on privacy if just one of these acts becomes law is that it gives control to individuals over their data and the power of a single regulator to ensure data privacy for all Americans. While it would require a significant amount of work from organizations to become compliant, the goal is to comply with one law – not several. And that makes all the difference.

While still far from becoming law, the intent of these acts deserves and requires bi-partisan support. Yes, debate and concessions will no doubt occur. But make no mistake: States will act on data privacy if the federal government does not. A federal regulation is not only a win for individuals, but for businesses as well. When’s the last time you could say that

Todd Wright is the Global Lead for GDPR Solutions at SAS.

The InformationWeek community brings together IT practitioners and industry experts with IT advice, education, and opinions. We strive to highlight technology executives and subject matter experts and use their knowledge and experiences to help our audience of IT ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
Reflections on Tech in 2019
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  12/9/2019
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll