Businesses globally are scrambling to keep up with the onslaught of new privacy regulations. In that case, does the United States have a single broad coverage privacy regulation? Currently, the answer is no. What the U.S. does have is a variety of privacy regulations that are based on the circumstances of the individual or the nature of the business and the information that they handle. However, things are changing.
Today the U.S. has a vertical listing of privacy regulations as well as new state regulations, with many more states getting in line to pass their own. As of February 2020, the U.S. Federal government is working on new legislation, backed by Senator Kirsten Gillibrand of New York, and is expected to fully pass it through the Senate. This legislation is expected to be more encompassing across the U.S. much like the General Data Protection Regulations or GDPR currently in force throughout the European Union. The current and soon to be enacted legislations in the U.S. that businesses have to be concerned about are:
U.S. Privacy Act of 1974
This regulation applies to citizen's rights and restrictions on data held by the government agencies.
Gramm-Leach-Bliley Act (GLBA)
This regulation includes private personally identifiable information that is considered nonpublic and used in the financial and banking industries.
Health Insurance Portability and Accountability Act (HIPAA)
This regulation allows for personal data protection used in the health care and medical industries.
Children's Online Privacy Protection Act (COPPA)
This regulation is to protect the misuse of personal information found online for children age 12 and under.
California is leading the way in state regulations with a consumer privacy law that is very similar to the GDPR used in the E.U. It is the California Consumer Privacy Act (CCPA).
Has a ruling working its way into the final processes of becoming law. The SB 613 has included rulings on "probabilistic identifiers," which is a step further than other laws. It goes further than the CCPA in that all information transferred to 3rd parties, sold for profit or given freely, must be disclosed to the consumer.
New York has proposed its privacy law S5642, which is currently on hold. Of the state laws, though still a proposal, it is the strictest on businesses. It is also the only one that allows all three responses from the consumer a right to access their information, a right to correct it, and the right to delete it altogether.
Massachusetts proposed law S-120 has many similarities to the CCPA and the GDPR. Consumers will have the right to access and delete their information as well as refuse sharing with 3rd parties. The hold up seems to be with discussions on the consumer's right to sue for violations up to $750 per person. The reason for the delay is that in 2017 there were over 400,000 consumers in the state affected by data breaches, which would have cost companies over $300 million if the law had already been in effect.
Hawaii has new legislation working its way through necessary changes to become law. The soon-to-be new law SB 418 offers the same regulations of the CCPA; the difference is that it would apply outside the boundaries of Hawaii. Any business globally would have to apply to the restrictions. However, this portion may be amended prior to the final passage of the bill.
North Dakota may have some legislation heading its way to becoming a final law. However, it does not offer much in the way of protection for consumers. It is an extremely lightweight move towards privacy, with no real legal ramifications set as of yet. The only thing that HB 1485 does is refuse websites from passing along consumer information without their consent.
Consumers globally have become outraged with corporations profiting from the abuse and misuse of their personal information. Citizens in countries all over the world are speaking out, as well as in the United States. Senator Gillibrand put it quite correctly in a blog post she has written on the issue, "Your data is extremely valuable to many companies with unknown motives, who are looking to exploit your data for profit. As a result, your very existence is being parsed, split and sold to the highest bidder, and there is very little you—or anyone, including the federal government—can do about it."
Senator Gillibrand, along with both the Senate and Congress are expected to do something about it. The belief is that consumers should be in control of their own data. Consumers should also have the right to know if they or their information is being used as a source for profits. The bill that Gillibrand has proposed will allow citizens the ability to protect themselves, their information, and have an agency to turn to for assistance in pursuing violations of their privacy rights.
The Data Protection Act of 2020
The name of the 41-page bill that Senator Gillibrand presented to the Senate for a vote was entitled the Data Protection Act. The bill that she is proposing is gaining ground and is expected to pass both the house and the Senate. Her bill includes statements that insist that "privacy is a constitutional right" of American citizens and American consumers. She also explains carefully how consumer rights are purposely violated and affected by the collection, maintenance, use, and sharing of personal data.
Federal Data Protection Agency
The proposed bill would establish a Federal Data Protection Agency, an independent agency that would be charged with the execution of protecting the privacy rights of consumers and citizens. The agency's role would be to act as a referee between corporations and consumers. The Data Protection Agency would define legislation, arbitrate cases, and enforce rules as well as penalties on corporations who violate the law.
The rules and provisions of the Data Protection Act would be enforceable, and penalties will be given in the case of violations. It defines personal data, much like the California Consumer Privacy Act (CCPA), but is including expansive terminology such as "probabilistic identifiers," which includes personally identifiable data that may seem benign but can be tied directly to other information and lead to the discovery to who the information belongs.
The DPA provides for enforcement of penalties, though no absolute monetary value per incident has been set at this time. Much like other federal investigative departments, the DPA will have the power to initiate joint investigations, subpoena witnesses and testimony, and demand documentation. In the event that the DPA notes that a violation has occurred, the DPA would then handle the pursuit of a civil action on behalf of the consumer. If the DPA discovers that criminal actions took place in the organization to affect the privacy of consumers, they can then refer the violating corporation or company for criminal prosecution.
Transparency & Reputation
U.S. consumers are sharper than ever and have come to expect full transparency from agencies that they interact with or do business. A company's reputation is everything to its continued brand recognition and success rate.
Business leaders who understand that transparency and reputation can make or break the bottom line of their enterprises, work hard to maintain any risk.
Stay Above the Fray
It can be difficult to stay ahead of the many complicated regulations, especially when they are changing day by day. To stay above the fray and not end up with a huge loss in legal fees, penalties, and loss to business can cause a great deal of stress to the most seasoned business CEOs and CISOs. One violation can cost a solid company its reputation permanently. One way to stay ahead of the privacy game is to have a quality intelligent redaction software solution as part of your game plan.
Compliance a Breeze
Complying with all the various regulations on a global scale can be a breeze. If you have the right redaction solution to have your back and guide you through a privacy-compliant business policy. Having your own system that can be tailored to your needs and the ability to train your staff to use the software for a variety of uses not only best utilizes the information gathering and storing process, but saves money for the enterprise. Having a privacy advocate and solution software system on your side to guide you through the necessary steps of maintaining, sharing, and removing data will protect your enterprise from any public downfalls that could cost company reputations as well as possible legal actions and penalties. Building trust between your enterprise and your client or consumer base is the foundation of your business. Keeping that trust is a commitment that you will be able to keep using the best quality redaction software system to comply with the standards placed before you. That system is CaseGuard.