When it comes to personal data, individuals and governments alike are becoming more privacy conscious, and it’s not hard to see why. Cyber attacks ensnaring government and private organizations, such as those launched against SolarWinds and Colonial Pipeline, are becoming more frequent. Meanwhile, organizations are increasingly storing data in the cloud, where potential hackers have more opportunities to steal it. (Since 2020, about half of all corporate data has transitioned to cloud storage, a trend that is expected to accelerate, according to the statistics portal Statista). Furthermore, many websites and apps secretly collect users’ data. According to Pew Research, 79% of U.S. consumers say they are worried about how organizations are using their information, such as sharing it with advertisers and other third-parties without their knowledge.
Regulators Are Taking Action
In Europe, the General Data Protection Regulation (GDPR) now dictates how governments must protect their citizens’ privacy and hands greater control of personal data over to individuals. While there is no federal law in the U.S. that protects data privacy, a number of states have begun hammering out their own laws to fill the void. As of last year, the California Consumer Privacy Act requires organizations to give Californians greater control over their personal data. In March, Virginia passed a similar law dubbed the Consumer Data Protection Act. Other states have passed similar measures. (See the full list here).
A group of U.S. senators recently proposed a bill to protect consumer data privacy, signaling that the country may soon pass federal legislation affecting all 50 states. If passed, the Social Media Privacy Protection and Consumer Rights Act would require websites to give users greater control over their data and let them opt out of data tracking and collection. It would also require companies to list their terms of service in easy to understand language. They would also be obligated to notify users within 72 hours if their data is hacked.
“This legislation will protect and empower consumers by allowing them to make choices about how companies use their data and inform them of how they can protect personal information,” Senator Amy Klobuchar, one of the bill’s sponsors, told The Verge in a statement.
How Can Your Organization Prepare for Data Privacy Regulations?
Knowing that data privacy regulations are on the horizon, some major technology companies are already shifting their privacy models. Last month, Apple announced the release of a new option for iPhone users that lets them opt out of being tracked across apps. Only about 3% of users chose to be tracked, revealing that data privacy is valuable to a vast majority of users. Similarly, Google recently announced new privacy controls that include allowing users to erase the last fifteen minutes of their search history and reminders for mobile users that their location is being tracked.
While data privacy laws are evolving, there are measures organizations can start taking now to prepare:
- Make sure your organization is complying with all applicable industry regulations concerning data privacy and communicate to your users how you are doing this.
- Proactively communicate with your users. If there is an issue or breach affecting their data, immediately explain the problem. The explanation should include all details related to the incident, as well as any steps users need to take to resolve the issue. To provide additional reassurance, explain how your organization plans to avoid such issues going forward.
- Give your users greater control over their data. For example, adopting client-side encryption–where data is encrypted on the user’s device–is a way to help keep personal data private. Additionally, if your organization experiences a major security breach, the intruders will not be unable to decipher client-side encrypted data. Not only will this help protect users’ privacy, it will also maintain their trust.
It’s no longer a question of whether data privacy laws are coming, but when. By taking steps to protect users’ privacy and giving them greater control over their data now, your organization can quickly adapt to regulations and build loyalty among users.
Data Privacy Training for Your Organization
IEEE has recently launched the IEEE | IAPP Data Privacy Engineering Collection–a comprehensive collection of training and resources for engineers and technology professionals tasked with understanding, maintaining, and protecting data privacy. The Collection brings together the IAPP Certified Information Privacy Technologist (CIPT) training and credential with educational resources and standards from IEEE.
The IEEE | IAPP Data Privacy Engineering Collection trains engineers and technology professionals to ensure that an organization’s products and operations meet privacy goals and mitigate risks. The program delivers practical knowledge and insights to address challenges companies may be currently facing and in the future.
The IEEE | IAPP Data Privacy Engineering Collection includes:
- 7 online learning courses based on the IAPP Certified Information Privacy Technologist (CIPT) training and certification body of knowledge, including the option of the CIPT certification exam
- 15 online learning courses from IEEE on related AI, Data Privacy and Data Protection topics which offer CEUs/PDHs for successful completion
- 25 draft IEEE Standards critical to interoperability in data privacy
Speak to an IEEE Account Specialist today!
Magnuson, Beth. (29 May 2021). Data privacy vs. innovation: The new rules of the road. Venture Beat.
Kelly, Makena. (20 May 2021). Senators roll out bipartisan data privacy bill. The Verge.
Taylor, Josh. (19 May 2021). ‘Privacy by design’: Google to give people more power over their personal data. The Guardian.
Carder, James. (17 May 2021). Data Protection in a Post-COVID World: How Organizations Can Prepare For a Security-First Future. CPO Magazine.