Your Company Needs to Keep Track of Evolving Data Privacy Laws
Modern businesses need to operate in the modern world. This means keeping track of a wide variety of technologies and laws that are evolving to incorporate those technologies. We’ve recently seen major advances in Artificial Intelligence (AI) – an apt example of the increased reliance on digital technologies.
Our world has gone digital and companies looking to compete in the modern sphere need to understand and be prepared for what’s coming next. You secure space in the future with diligent preparation and commitment to evolving the way you do things.
Data privacy laws are near the top of the list of things your company should be keeping a watchful eye on. Customers, clients, and online users are becoming increasingly concerned about their data. Lawmakers are continuously reviewing and updating data privacy laws to protect consumers – meaning your privacy and data retention policies may be violating laws you don’t even know about yet.
Federal Data Privacy Regulations
Most businesses with an online presence are operating across state lines. Whether you’re selling products, offering services, or innovating with people across the country, federal regulations would apply… if there were any laws that covered data privacy extensively.
When it comes to certain aspects of data privacy, the federal government has remained mostly hands-off – leaving comprehensive regulations to each individual state to enact and enforce (with help from the Federal Trade Commission). The American Data Privacy Protection Act made its way through some congressional committees and had been discussed by members before failing to get the necessary votes to become enshrined in law; however, with the increased concerns related to how personally identifiable information is handled, we expect that some variations of this act will continue to be debated in congress.
A few federal laws that may apply depending on your field of work include the below, but this is not an exhaustive list, and applicable laws continue to be adopted:
Health Insurance Portability and Accounting Act (HIPAA) pertaining to the access and sharing of health information by health professionals (note that this does not apply as universally as public perception indicates)
Children’s Online Privacy Protection Rule (COPPA) pertaining to “websites and online services directed to children under 13 years of age” and any websites that collect data from children under 13
Corporate Transparency Act (CTA) providing additional duties of the federal government to strengthen data privacy for Americans (though its overarching purpose is much more expansive for businesses across the country)
Gramm Leach Bliley Act (GLBA) & Fair Credit Reporting Act (FCRA) both pertaining to the collection and use of personal or financial information collected by banks, financial institutions, and other companies
State-Level Data Privacy Regulations
Most of your company’s time spent on data privacy will be used to understand each state’s data privacy laws. You don’t need to know all 50 states if you do not collect information from individuals residing in all 50 states, but a thorough review of the visitors, customers, and users on your website will provide guidance on which state regulations you actually need to follow. Even if you are not making sales to individuals in certain states, if your company’s website is accessible to all individuals no matter their state of residence, your collection of analytical and site visit data may still require you to abide by such state’s data privacy laws.
The list of legislation for all 50 states would be too extensive to include here, but the International Association of Privacy Professionals (IAPP) has a useful tool to keep track of legislation in states where your company operates and collects data. White Summers also keeps close watch on prospective legislation to ensure that our clients’ privacy and data collection policies are updated and in compliance.
International Data Privacy Regulations
With the increasing rise of international ecommerce, it is vital for companies to do a review of potential requirements of international privacy and data security laws.
Europe, in particular, has been leading the way with data privacy laws with the passage of the General Data Protection Regulation, or “GDPR” or what has been referred to as “the toughest privacy and security law in the world.” It’s imperative that your company understands and follows these regulations when necessary.
At White Summers, our goal is to take founders from local to global. We can’t get there if data privacy regulations halt your innovation in its tracks. Our team of legal professionals can help you navigate the complicated and evolving world of data privacy laws, protecting your innovation and opening up doors for incredible growth and potential. Contact the team at White Summers to get started today.
By White Summers