January 28 is National Data Privacy Day in the United States, an ideal time to consider the current state of personal privacy and expectations for 2021.
The Current State of Privacy
In the United States, personal data privacy laws are extremely fragmented. The existing legislation can largely be broken up into two main categories:
- Industry-Specific Standards: Certain specific types of data are protected under industry-specific regulations in the US. For example, the Health Insurance Portability and Accessibility Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS) mandate how patient and cardholder data should be used and secured.
- State-Level Legislation: Several US states have passed or are currently considering state-specific data privacy laws. These state-level laws typically cover only residents of that state, and data subject rights and business requirements can vary significantly from one state to the next.
This fragmented regulatory landscape means that not all Americans can expect equal levels of data privacy. The California Consumer Privacy Act (CCPA) and the recently passed California Privacy Rights Act (CPRA) provide strong privacy protections for California residents.
However, in many cases, these protections and rights are only extended to those explicitly covered under the law. Many websites ask whether someone is a California resident as part of the process for exercising the rights outlined in the CCPA and CPRA. This demonstrates that, currently, major gaps exist in US privacy protections.
The Future of Privacy in 2021
The data privacy landscape continues to evolve. In the past few years, several new data privacy laws have been passed and put into place in a number of countries, states, and regions. However, no federal data privacy law currently exists within the United States.
This lack of a federal privacy law is expected to spur continued development of data privacy legislation in the US. In 2021, it would not be surprising to see:
- More State-Specific Privacy Laws: Without national privacy legislation, states are increasingly developing and passing their own privacy legislation. Several state-specific privacy bills are currently working through state legislatures, and more are likely to start the process in 2021.
- A National Privacy Law: Legislators have been working on a national privacy law for several years now, and many of the core components currently have bipartisan support. With the 217th Congress, the potential exists for a federal privacy bill to pass the legislature and be signed into law in 2021.
With these new privacy laws come new requirements for businesses. As data protection regulations impact a greater percentage of consumers, businesses will need to focus on their compliance efforts in 2021. This includes both ensuring the ability to comply with data subject rights requests and protecting consumer data against breach and unauthorized access or use.
How MorganFranklin Can Help
Data privacy laws and regulations are a two-sided issue. On one side, the consumer has additional protections and control over their personal data. On the other, the businesses that collect and use this data need to take steps to achieve and maintain compliance with the new regulations.
Regulatory compliance requires a deep understanding of the regulations in question, knowledge of an organization’s use of data, and the ability to select, deploy, and configure the solutions needed for data visibility and security. MorganFranklin has an understanding of the current major privacy laws and experience in applying them to an organization’s unique circumstances and use cases.