Written By: Chet Hayes

Data privacy is a critical issue in today’s digital age. The European Union’s (EU) General Data Protection Regulation (GDPR) sets a new standard for data protection by giving individuals control over their personal information. In the US, there is a growing trend towards a rights-based approach, like the GDPR, that says individuals effectively own their personal information and have the legal right to decide how it is used. This can be seen in recent laws passed in California, Colorado, Connecticut, Utah, and Virginia. This shift represents a significant change from the traditional “do no harm” approach, which primarily focused on preventing harm or misuse of personal information by companies and organizations.

For organizations that collect and manage personal data, there are a few things they can do to help safeguard personal data:

  • Implement robust data governance policies and procedures: This will help the organization ensure that personal data is being handled, stored, and shared in a secure and compliant manner.
  • Along with good data governance, have a plan for data retention: This will help the organization determine how long it will keep personal data and ensure that data is deleted once it is no longer needed.
  • Implement technical controls: This includes zero trust architectures, enhanced encryption, and access controls to protect personal data from unauthorized access and breaches.
  • Adopt a privacy framework within the organization: Think ISO/IEC 27701, the AICPA Privacy Management Framework, or even the NIST Privacy Framework.
  • If you do adopt a framework, engage a third-party auditor for regular assessments: This can help the organization identify any areas of weakness in its data protection efforts and make improvements where necessary. A different set of eyes can help find things that have been missed.
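A retention plan is only useful if something actually enforces it. The following is an added example, not code from the original post or from any of the frameworks named above: it evaluates each stored record against a retention schedule, removes records whose period has elapsed, and writes an audit entry for every deletion so the organization can show an assessor what was deleted and why. The data categories, retention periods, record layout and the `SAMPLE_RECORDS` set are all constructed for illustration; a real schedule comes from the organization's governance policy and the laws that apply to it.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical retention schedule: data category -> maximum retention period.
# Constructed values; not a recommendation for any particular jurisdiction.
RETENTION_POLICY = {
    "marketing_consent": timedelta(days=365),
    "support_ticket": timedelta(days=730),
    "billing_record": timedelta(days=365 * 7),
}

# Fixed "current time" so the example is reproducible; real code would use
# datetime.now(timezone.utc).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)

# Constructed sample records. Each carries the category under which it was
# collected and a timezone-aware collection timestamp.
SAMPLE_RECORDS = [
    {"id": 1, "category": "marketing_consent",
     "collected_at": datetime(2022, 6, 1, tzinfo=timezone.utc)},
    {"id": 2, "category": "support_ticket",
     "collected_at": datetime(2023, 3, 1, tzinfo=timezone.utc)},
    {"id": 3, "category": "billing_record",
     "collected_at": datetime(2015, 1, 1, tzinfo=timezone.utc)},
    {"id": 4, "category": "analytics_event",   # not in the schedule
     "collected_at": datetime(2020, 1, 1, tzinfo=timezone.utc)},
]


def classify(record, now):
    """Decide what to do with one record: 'delete', 'keep' or 'review'.

    A category with no schedule entry is escalated for review rather than
    silently kept forever or guessed at; an unscheduled category is itself a
    governance gap worth surfacing.
    """
    period = RETENTION_POLICY.get(record["category"])
    if period is None:
        return "review"
    return "delete" if record["collected_at"] + period <= now else "keep"


def select_for_deletion(records, now):
    """Return the ids of records whose retention period has elapsed."""
    return [r["id"] for r in records if classify(r, now) == "delete"]


def purge_expired(records, now):
    """Remove expired records; return (remaining_records, audit_log).

    The audit log records what was removed and under which rule, which is the
    evidence an auditor will ask for when checking that retention is enforced.
    """
    remaining, audit_log = [], []
    for r in records:
        decision = classify(r, now)
        if decision == "delete":
            audit_log.append({
                "record_id": r["id"],
                "category": r["category"],
                "retention_days": RETENTION_POLICY[r["category"]].days,
                "deleted_at": now.isoformat(),
                "reason": "retention_expired",
            })
        else:
            remaining.append(r)
    return remaining, audit_log


if __name__ == "__main__":
    kept, log = purge_expired(SAMPLE_RECORDS, NOW)
    print("deleted:", [e["record_id"] for e in log])
    print("kept:", [r["id"] for r in kept])
    print("needs review:", [r["id"] for r in kept if classify(r, NOW) == "review"])
```

The deletion set is derived from the policy table rather than hard-coded, so changing a retention period in one place changes what the purge does everywhere; records in a category the policy does not cover are left in place and flagged for review, because an unexpected deletion is as much a compliance problem as an overdue one.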

The laws passed in the aforementioned states, along with the discussion about the Data Care Act at a national level, are an indication that views of data privacy in the US are evolving, and it’s likely that we will see more laws like the GDPR being passed in the future.

Senate Resolution 33 is adopted by Congress, declaring January 28th as National Data Privacy Day.