This week is the annual Data Privacy Week, hosted by the National Cybersecurity Alliance. The campaign intends to educate individuals on best practices for securing their data while also teaching the public about online privacy.
Here we will take a look back on a few notable data privacy updates that surfaced throughout 2021, as well as themes to look forward to throughout 2022 and onward.
A look back on 2021
On January 5, 2021, the HIPAA Safe Harbor Bill became law. When former President Donald Trump signed this bill, it amended the existing HITECH Act and demanded that the Department of Health and Human Services take cybersecurity implications into account when determining fines related to health security breaches.
A 2021 Ground Labs consumer survey revealed that 71% of U.S. consumers are unaware of consumer data protection laws like the California Consumer Privacy Act (CCPA) or General Data Protection Regulation (GDPR). This lack of awareness makes it even more important for legislators and businesses to work together to protect consumers with or without their knowledge.
In March, the CCPA was amended to decrease the number of dark patterns consumers may be exposed to. Dark patterns are practices that businesses use to deceive customers into providing information, like using confusing language to get consumers to opt in to data sharing. According to § 999.315, “A business’s methods for submitting requests to opt-out shall be easy for consumers to execute and shall require minimal steps to allow the consumer to opt-out. A business shall not use a method that is designed with the purpose or has the substantial effect of subverting or impairing a consumer’s choice to opt-out.”
The U.S. was not the only country cracking down on privacy in 2021. In late April, China introduced the second version of the Personal Information Protection Law of the People’s Republic of China (PIPL). The PIPL was made official in August and asks businesses to have a reasonable purpose for collecting consumer data.
In September, the UK’s Department of Digital, Culture, Media and Sport (DCMS) acknowledged that it had begun considering alterations to the GDPR. The end goal is to have more common-sense data compliance laws.
To round out the last quarter of the year, Facebook — now Meta — announced its rebranding and genuine commitment to creating the “metaverse.” The Metaverse will theoretically become a virtual place for people to work, live and play. This initiative may not be complete for another four years. Still, it has many businesses and individuals lingering on the unknowns, such as how a new virtual world could impact data collection and protection.
What to expect in 2022
It is daunting to see potential threats to data privacy on the horizon, but there are ways to prepare.
First, companies should treat data privacy as a competitive differentiator rather than a means to an end. Gartner predicts that by the end of 2022, 65% of the world’s population will have personal data protected under contemporary privacy regulations. However, businesses that think they can simply meet data compliance laws once and check a box will be woefully unprepared to protect customers when a breach occurs. Safeguarding data is an ongoing challenge.
The primary step to protecting data privacy is data discovery — the process of locating exactly where all data resides, whether on a server, in the cloud or tucked away in another location. Ground Labs’ Enterprise Recon solution has the ability to locate over 300 data types and mitigate potential risks to your business and customers.
Another way for companies to show a commitment to data privacy is by weaving caution into their culture. Training existing and new employees about best data handling practices adds another layer of protection to the business and its customers. Avoiding a data breach needs to be a team effort among employees, third-party vendors and other stakeholders that come into contact with sensitive information.
Data privacy is a topic that every industry should care about. Retailers have the potential to jeopardize customer debit and credit card information, healthcare organizations may experience a data breach that impacts their HIPAA compliance, and big tech could face hefty fines for missing the mark on GDPR compliance; the list goes on and on.
So, with that, happy Data Privacy Week! Join us in prioritizing data privacy every day — not just this week. And from all of us at Ground Labs, we wish you a secure and compliant New Year! Get started on achieving your data privacy and compliance resolutions for 2022 with data discovery. Contact an expert today.