Data Privacy Regs are Coming, and the Number 50 is Worrisome - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Data Management
02:00 PM
Todd Wright, Global Lead for GDPR Solutions, SAS
Todd Wright, Global Lead for GDPR Solutions, SAS

Data Privacy Regs are Coming, and the Number 50 is Worrisome

It's time for businesses to unite and back a single federal data privacy law. If not, we might end up with 50 different laws.

When news of the Facebook/Cambridge Analytica scandal broke last year, the ensuing shock waves shouldn’t have been that it happened, but that so few Americans were even aware such data violations actually do happen.

While identity theft and data loss have always been the primary security concerns for consumers and organizations, data privacy rarely got mentioned. This, of course, has changed, and Facebook was the perfect poster child to bring data privacy to light.

Considering its young billionaire founder, the politics of today, and that its billions of users post personal things on it daily; Facebook was ripe for mainstream attention when it came to data privacy. With Facebook’s high-profile congressional testimony behind us, and politicians and business leaders racing to voice their newfound concern for sound data privacy practices, the inevitable is coming: regulation.

Regulation is often a dreaded word for many business executives. It’s even something many have crafted entire careers fighting. But here’s a more radical approach: Stop resisting. 

Fight the good (regulation) fight

Business leaders should not only embrace data privacy regulations, they ought to actively push for a federal law covering all Americans. Before you dismiss this notion, consider the alternative: outright chaos that benefits no one.

In 2020, California is set to enact the most stringent data privacy law in America, known as the California Consumer Privacy Act (CCPA). The CCPA is robust — covering many of the concerns people have regarding data privacy. With provisions such as the right to know what type of data is being collected on them, and to whom their data is being sold, the CCPA has individuals cheering and businesses scrambling. But the breadth and depth of the California law shouldn’t be businesses’ main concern. The larger issue is the very real (and scary) possibility of all 50 states enacting their own versions of such a law. Now that should keep the C-suite up at night.

Driven by residents’ new-found understanding and concern of how their data is being handled, state leaders are reacting. Several states are currently moving forward or proposing new data privacy laws, with many other states sure to follow suit. Now this is at the state level, which has myriad resources and budgets to put forth such laws.

The majority of companies, to put it bluntly, simply don’t have the expertise or resources to effectively handle the data requirements involved in dealing with 50 different data privacy laws. Imagine 50 different laws with each potentially having different opt-in clauses, different rules on what is in fact personal data, and different rights regarding whether a person can request that their data be erased. The data governance, and people and processes alone are too overwhelming to even think about. It would be like a flight attendant asking passengers to select a meal from 50 different options, have him/her prepare each meal and then figure out which passenger should receive which meal. This is essentially what it would look like if each state enacts their own data privacy law. 

Multiple flavors of data privacy laws would not only slow the pace of business and innovation, but also would achieve chaos and zero results. A tragic loss across the board.

Putting privacy into users’ hands

There are two proposals currently making the rounds in the legislative branch: the Data Care Act and The Information Transparency and Personal Data Control Act. The Data Care Act covers a broad range of personal data from social security numbers to user passwords and would require user permission before information on them is sold. The Information Transparency and Personal Data Control Act centers mostly on opt-in consent and how information is being shared with third-parties. The impact on privacy if just one of these acts becomes law is that it gives control to individuals over their data and the power of a single regulator to ensure data privacy for all Americans. While it would require a significant amount of work from organizations to become compliant, the goal is to comply with one law – not several. And that makes all the difference.

While still far from becoming law, the intent of these acts deserves and requires bi-partisan support. Yes, debate and concessions will no doubt occur. But make no mistake: States will act on data privacy if the federal government does not. A federal regulation is not only a win for individuals, but for businesses as well. When’s the last time you could say that

Todd Wright is the Global Lead for GDPR Solutions at SAS.

The InformationWeek community brings together IT practitioners and industry experts with IT advice, education, and opinions. We strive to highlight technology executives and subject matter experts and use their knowledge and experiences to help our audience of IT ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll