A CEO of a major company asking for government regulation is not a common occurrence and not something that most of us are accustomed to seeing. So recently when CEOs of more than 50 leading U.S. businesses, including Walmart, Amazon and AT&T, signed a letter to Congress urging the passage of a comprehensive federal data privacy law, it had some thinking: What’s the catch? Don’t most companies do all they can to avoid further regulation or oversight?
Before this letter can be dismissed outright as an attempt by companies to write their own regulations, let’s not forget two significant factors U.S. companies currently face:
If the motive of these CEOs isn’t to dilute an imminent state law and data privacy on a large scale is something these companies are already dealing with, then why was the letter necessary? In two words: chaos avoidance. There is a very real possibility that most U.S. states will develop their own data privacy laws, causing chaos that will benefit no one.
As this article regarding different state laws/bills points out, there are 13 different states currently in pursuit of data privacy laws. With amendments ranging from how to deal with automated decision making to the right to portability, each state seemingly is taking a different path to what they consider privacy rights.
Achieving proper data privacy practices at a company is in alignment with a well-run data governance program. The need for data stewards, access to data, data quality, metadata management, etc., are all similar, but 13 different privacy laws -- and the growing potential for more -- throws a wrench in all of it.
Imagine the complexity involved (some would say chaos) of having customer data from different states and needing to determine which ones need to opt-in as opposed to opt-out, which ones can’t have automated decision making applied and which ones prohibit the sale of personal information about the consumer to third parties.
Can these things be accomplished technically? Sure, they can. But is it a best practice that most benefits consumers the laws are trying to protect? Not even close. Data governance, and now the blending of privacy, are tough enough to do right: adding in the additional complexity of different state regulations is risky business.
Hope first, then act
It is often said that hope is not a strategy, but in this case, we need to begin with it. Hope that one fair and strict data privacy law is enacted that covers all the aspects that are important to consumers. Hope that numerous state laws don’t make the prospect of data privacy unattainable.
But beyond hope, there are also actions that can be achieved today:
We all want (or hope for) data privacy and protection. How we get there via regulation is still an open book in the U.S. Multiple state laws that could potentially cause chaos or one federal law that leads everyone in one cohesive direction, will make all the difference if the U.S. is successful in securing the data of its residents.
Todd Wright is Head of Data Privacy Solutions at SAS. He is a respected expert on data privacy and management. You’ll find his insights on the topic featured in publications like the Wall Street Journal, InformationWeek, Datanami, insideBIGDATA, Tech Republic and more.
The InformationWeek community brings together IT practitioners and industry experts with IT advice, education, and opinions. We strive to highlight technology executives and subject matter experts and use their knowledge and experiences to help our audience of IT ... View Full Bio