Site icon Sophos News

Data privacy laws, compliance to take center stage in 2023 and beyond

Not so long ago, on-premise data centers meant that data privacy compliance was reasonably straightforward. With data increasingly moving to the cloud, however, concerns about control, sovereignty, and privacy are coming to the forefront.

Today, it’s almost impossible to live online without disclosing personal information. Visiting most websites and using most apps leaves behind a goldmine for data analysis firms to sift through on behalf of their corporate clients. Tools like AI and machine learning can be leveraged to reveal a lot of sensitive information about a person: location, interests, health status, political views, and more. Such advancements have left people worried about the potential misuse of their personal data by corporations, governments, and malicious actors.

Because of these concerns, many nations are looking to improve or are in the process of creating data privacy laws. These laws are meant to protect and more effectively control the personal data of their citizens.

GDPR: a model for data privacy laws

Among the most significant international data privacy laws is the European Union’s GDPR (General Data Protection Regulation), which went into effect in 2018. Any organization — regardless of where it’s headquartered — that targets or collects data from people and businesses in EU member nations must comply with the law. The GDPR became the guiding light for many subsequent data privacy laws globally. Today, more than 100 countries worldwide have enacted their own data privacy laws that address the fundamental right to privacy for an individual.

The state of data privacy in the U.S.

The United States still does not have a national data privacy law. However, the American Data and Privacy Protection Act (ADPPA) could soon be codified into law to become the first federal data privacy law in the US that protects individual privacy rights.

Meanwhile, a growing number of states in the U.S. have enacted their own data privacy laws. California leads the pack with the California Consumer Privacy Act (CCPA) that went into effect in 2018. It’s arguably the strongest privacy law in the United States, with states like Virginia and Colorado close on its heels.

Here is a list of the new state data privacy statutes scheduled to go into feffect in 2023:

Last year, legislators in nearly 30 other states contemplated bills offering varying degrees of consumer privacy protection. Some of them may be reintroduced in 2023 legislative sessions along with other new bills in the works.

Data privacy laws from around the world

The future of data privacy

As the reality of hefty fines and penalties for violating data privacy legislation hits closer, companies will be investing more time and resources to establish robust internal compliance programs.

Governments and legislative bodies will together press for greater enforcement of existing laws like the GDPR and CCPA. In 2023, expect more emerging data privacy laws addressing privacy concerns arising from data collected by Internet of Things (IoT) devices and other connected devices. As individuals become more aware of the dangers of misuse of their personal data, how their personal data is handled and processed will impact their faith in a business and determine the company’s profit.

To win user confidence and to manage business reputation and compliance, companies will need to invest more in privacy-enhancing technologies (PETs) where user insights take precedence over user identity.

Google’s Privacy Sandbox initiative limits sharing of user data with third parties and operates without cross-app identifiers to create technologies that protect people’s privacy online while giving companies tools to build profitable businesses. Companies like DSpark aggregate and anonymize highly sensitive personal mobility data, converting it into insights on shoppers’ demographics and behaviors, the number of unique visitors, total footfalls, and more. DSpark markets this data without selling or transferring sensitive personal data.

All things considered, data privacy is a global concern. Since many companies operate across borders, we may see nations collaborating for over-arching data privacy legislation covering all nations, businesses, and people.

Summary

The protection of citizens’ personal data is a huge concern for governments around the globe. Laws are being formalized to control the kinds of personal data that can be collected, and how it can be used, stored, and shared. Compliance with global data privacy laws is obligatory for every business: not only for financial liabilities like expensive lawsuits and hefty fines that non-compliance can bring, but it’s also a trust issue: consumers sharing their personal data expect it to remain private.

Sophos solutions offer multiple ways to ensure that personal data remains safe, putting organizations a step ahead when it comes to meeting regulatory requirements. Take a look at our compliance solutions section to learn more.

Exit mobile version