Data privacy will be a top trend for businesses in 2021. Today, virtually every nation has enacted laws that impact data privacy—or they are actively considering them. Failure to protect customer and employee information can have costly consequences. Business leaders will need to stay on top of this highly complex and evolving area of compliance.
Businesses have many more reasons to invest in data security and privacy. The most compelling benefit is that data privacy builds customer trust and loyalty. So there’s a real opportunity to turn data privacy into competitive advantage.
Laws protecting consumer data privacy
Here are the major laws affecting businesses in Europe, the United States, Canada, and the United Kingdom.
- The General Data Protection Regulation (GDPR) requires businesses to protect the personal data and privacy of EU citizens. It is important for businesses outside the EU to understand that international transactions with an EU citizen are protected by GDPR. The law gives individuals the right to access their own data and request data be removed or deleted. Additionally, opt-in/opt-out notices and terms must be clear and precise. Since the GDPR went into effect in 2018, data privacy complaints increased in France, Germany, and the UK.
- The Personal Information Protection and Electronic Documents Act (PIPEDA) went into effect across Canada in 2018. It requires organizations to obtain consent to collect, use or disclose personal information. Individuals have the right to know why an organization collects data, who is responsible for it, and how it will be secured. Individuals also have the right to obtain access to their personal information and ask for corrections to it.
- The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020, and grants California residents rights and protections similar to those the GDPR gives to Europeans. It may take time for this law (and similar laws in other U.S. states) to effectively stamp out the worst privacy infringements, but eventually, regulations like these will force many companies to be more transparent and collect less data.
- The New York SHIELD Act (SHIELD) was passed in July 2019 and became fully enforceable in March 2020. It requires businesses to implement safeguards for the “private information” (including name, SSN, financial card or account number, email address, password, and biometrics) of New York residents. It also broadened New York’s existing breach notification requirements.
Strengthen your data security practices
There are many ways companies can enhance privacy. Start by reviewing all of your technology and eliminating software and hardware that either is no longer in use or no longer meets your data security needs in terms of encryption, password protection, authentication, or role-based security. Always use a full range of anti-virus and network security tools. If you have limited IT resources, cloud solutions can enable you to take advantage of the secure data centers and practices used by big tech vendors. Keep your data footprint lean by not collecting more information than your business needs. Train employees about social engineering schemes and teach them to spot and shut down phishing and other scams. Many cybercriminals see your people as a “softer target,” an easier way to infiltrate your business than hacking.
Blog courtesy of CyberScout
Copyright © 2021 Central Mutual Insurance Company. All rights reserved.