The recently approved General Data Protection Regulation (GDPR) has shown how seriously the European Union is taking online data protection and corporate responsibility for that data.

This underscores how Internet policies and data protection is becoming a sticky proposition for businesses and their legal departments. When you look at the legalities in the United States, the water becomes even more muddied because there’s no single guiding law that controls how data can be used and secured. Recently, three legal experts in this field, Angela Doughty, Caroline Outten, and Matt Cordell, shared their knowledge on this.

Current and upcoming laws affect businesses of every size

According to these three legal experts, there are already several federal laws that cover general privacy such as the Health Insurance Portability and Accountability Act (HIPAA) and other laws are being created at the state and even city level. For instance, every state currently has a law on the books governing data breaches and how a business is required to notify customers if their data is stolen or illegally accessed.

Other states have laws on the books now governing biometric data such as fingerprint scans and how this must be secured. Perhaps the most sweeping of these new laws is set to go into effect in California in 2020.

Businesses in California need to prepare for new law

The California Consumer Privacy Act will have a huge impact on businesses and how they interact with the residents of California. It will impact any company that collects the personal information of California residents as part of their business if they also meet other criteria. These can include buying, selling, or receiving data from 50,000 people in California or deriving more than half its revenue from selling personal data.

A third criterion is that the company makes more than $25 million annually. As part of this law, companies would have to divulge exactly how data collected will be used and if it will be sold. It requires companies to allow consumers to opt out of having their data collected. Fines for violating this law can range from $2,500 to $7,500 per occurrence but consumers will also be able to file claims for between $100 and $750.

Upcoming laws present complexities that businesses and counsel must address

An analysis of these laws, both current and impending, shows that businesses will have an extremely hard time complying with all of these. If you’re running an ecommerce site that does sales in all fifty states, you’ll be expected to comply with the laws in all of them.

Cybersecurity needs to be part of the preparation for upcoming law compliance

This shows the importance of having a plan laid out ahead of time, before a data breach occurs. Businesses must be proactive when it comes to data security and not reactive to it. Many of these laws restrict how you can store data and what you can do with the data when you have it.

As such, your legal team needs to pour through your terms of use statements to ensure they comply with all of the requirements your business may fall under. Failure to do so could be catastrophic for a small business, many of which go bankrupt within a year of being hit by a data breach.

Would you like help preparing for data protection and cybersecurity? Get a free consultation from New Edge Technology Solutions to talk with one of experts.

Call Now Button