Does your business have any type of data privacy program? If not, it is well past time to put data privacy on the list of corporate priorities.
It might help to start by clarifying exactly what is meant when we speak of data privacy. Data privacy relates to how personal data relating to individuals, be they employees, customers, or others, is being collected, shared and used. Examples of such personal data would include address information, social security numbers, and health information.
If you want to know the direction data privacy is headed, familiarizing yourself with the European Union’s General Data Privacy Regulation, or GDPR, is a good place to start. Some key provisions of the law, which went into effect on May 25, 2018, include the following:
- Privacy policies must be written in a simple, straightforward manner;
- Individuals must provide affirmative consent before personal data can be used by a business;
- Businesses will be able to collect and process data only for well-defined purposes. Individuals will have to be informed if their data is going to be used for a new purpose;
- Businesses will have to inform users without delay in the event of harmful data breach;
- Individuals will have a right to access and get a copy of his / her individual data;
- Individuals will have a “right to be forgotten” or right to erasure of his / her individual data; and,
- Authorities will have power to impose fines on businesses who violate the rules.
So, stricter rules regarding data privacy are on the way. In fact, the GDPR already applies to some of you reading this blog.
Closer to home, California passed their own data privacy law – a law that is similar in many ways to GDPR – in June 2018. The California law gives California residents the right to be informed about personal data collected about them and the reason for collecting the data. Other provisions similar to GDPR include the right to request deletion of personal data, the right to opt out of the sale of personal data, and the right to access personal data in a “readily usable format. The California law goes into effect in 2020.
The upshot of all this is simple – data privacy is a topic businesses need to proactively address and the sooner the better and the less disruptive it will be to the business. Contact us today if you want to talk about data privacy and data security in your business.
If you would like to learn more about Data Security, please join Brian at our upcoming Data Security and Corporate Safety Seminar!