Top U.S. Businesses Call for More Government Regulation - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Data Management // Big Data Analytics
Commentary
10/1/2019
07:00 AM
Todd Wright, Head of Data Privacy Solutions, SAS
Todd Wright, Head of Data Privacy Solutions, SAS
Commentary
100%
0%

Top U.S. Businesses Call for More Government Regulation

So, what's the catch? There's a very real possibility that most states will develop their own data privacy laws, causing chaos that will benefit no one.

Image: md3d - stockadobe.com
Image: md3d stockadobe.com

A CEO of a major company asking for government regulation is not a common occurrence and not something that most of us are accustomed to seeing. So recently when CEOs of more than 50 leading U.S. businesses, including Walmart, Amazon and AT&T, signed a letter to Congress urging the passage of a comprehensive federal data privacy law, it had some thinking: What’s the catch? Don’t most companies do all they can to avoid further regulation or oversight?

Chaos avoidance’

Before this letter can be dismissed outright as an attempt by companies to write their own regulations, let’s not forget two significant factors U.S. companies currently face: 

  1. Congress has already drawn the line with data privacy by stating that any federal bill that represents a watered-down version of the California Consumer Protection Act will not pass with the needed votes.
  2. The majority, if not all, of major U.S. based companies already must adhere to the very strict regulations found within the General Data Protection Regulation (GDPR). Adhering to data privacy is not something new for U.S. companies.

If the motive of these CEOs isn’t to dilute an imminent state law and data privacy on a large scale is something these companies are already dealing with, then why was the letter necessary? In two words: chaos avoidance. There is a very real possibility that most U.S. states will develop their own data privacy laws, causing chaos that will benefit no one.

As this article regarding different state laws/bills  points out, there are 13 different states currently in pursuit of data privacy laws. With amendments ranging from how to deal with automated decision making to the right to portability, each state seemingly is taking a different path to what they consider privacy rights.

Risky business

Achieving proper data privacy practices at a company is in alignment with a well-run data governance program. The need for data stewards, access to data, data quality, metadata management, etc., are all similar, but 13 different privacy laws -- and the growing potential for more -- throws a wrench in all of it.

Imagine the complexity involved (some would say chaos) of having customer data from different states and needing to determine which ones need to opt-in as opposed to opt-out, which ones can’t have automated decision making applied and which ones prohibit the sale of personal information about the consumer to third parties.

Can these things be accomplished technically? Sure, they can. But is it a best practice that most benefits consumers the laws are trying to protect? Not even close. Data governance, and now the blending of privacy, are tough enough to do right: adding in the additional complexity of different state regulations is risky business. 

Hope first, then act

It is often said that hope is not a strategy, but in this case, we need to begin with it. Hope that one fair and strict data privacy law is enacted that covers all the aspects that are important to consumers. Hope that numerous state laws don’t make the prospect of data privacy unattainable.

But beyond hope, there are also actions that can be achieved today: 

  • Build privacy by design into all processes. Start software development with privacy in mind – not after the fact.
  • Ensure that all individuals within a company know their role in keeping customer data secure and safe. It is often the rogue employee that causes companies to be in violation. Think of the numerous times that employees transitioning to a new company potentially bring “their records” with them that include the personal information of customers.
  • Treat data privacy as an extension of data governance, not separate. As mentioned, the requirements for proper data governance and privacy are interchangeable -- make the initiatives part of one big umbrella.

We all want (or hope for) data privacy and protection. How we get there via regulation is still an open book in the U.S. Multiple state laws that could potentially cause chaos or one federal law that leads everyone in one cohesive direction, will make all the difference if the U.S. is successful in securing the data of its residents.

Todd Wright is Head of Data Privacy Solutions at SAS. He is a respected expert on data privacy and management. You’ll find his insights on the topic featured in publications like the Wall Street Journal, InformationWeek, Datanami, insideBIGDATA, Tech Republic and more.

 

The InformationWeek community brings together IT practitioners and industry experts with IT advice, education, and opinions. We strive to highlight technology executives and subject matter experts and use their knowledge and experiences to help our audience of IT ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Study Proposes 5 Primary Traits of Innovation Leaders
Joao-Pierre S. Ruth, Senior Writer,  11/8/2019
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Slideshows
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll