Data and information privacy were thrust into the spotlight in 2017 and 2018 with the discussion and passage of the General Data Protection Regulation, or GDPR. Facebook was called to testify to Congress in 2019 in response to how it handled consumers’ data. These major events are only the beginning of a paradigm shift in data privacy.
Although some of these trends have been in motion or could be considered ongoing, we expect them to ramp up rather than slow down. Each of these should be a major concern for your company going forward, as they could not only cost you significant amounts of money for non-compliance but also severely harm your brand image.
2020 saw the implementation of the California Consumer Privacy Act, or CCPA. Likewise, Maine and Nevada have seen privacy laws upheld in courts and passed in their state legislatures. Expect more U.S. states to pass similar laws in the near future.
According to the AACRAO, 11 states have data privacy legislation in the works, including New York, Pennsylvania, Florida, and Illinois. Calls for federal information privacy laws have also grown, although these would likely be softer than the laws individual states impose.
Beyond the U.S., the United Nations Conference on Trade and Development notes that 132 of 194 countries have some form of privacy law enacted, with another 20 looking to do so.
In response to this patchwork array of legislation, companies are scrambling to respond. For some companies, that means taking the strictest legislation and applying its rules to all operations across the company. Microsoft did precisely that when it announced it would extend the CCPA and GDPR’s rights to all customers regardless of location.
Perhaps it’s the extra time in quarantine that has people wound up, but cyber-attacks and data breaches are on the rise in 2020. More likely, the fact that everyone is working online has made it difficult for companies to manage endpoint data, creating a wealth of opportunities for attackers. A recent survey showed that attacks on consumers were up this year, and a study from April this year showed a “COVID effect” with 94% of executives reporting an attack in the past year, and 78% predicting an increase for the next two years.
If your business’ data is breached, you can be fined in jurisdictions that have privacy laws. But even when that isn’t a concern, the damage to your company’s reputation can be incalculable. With constant external threats to your data, you need to take steps to ensure that your information is secure.
Speaking of fines, expect these to increase in frequency and volume as attacks continue to occur. At the time of writing, the EU has imposed almost 78 million euros (about 92 million U.S. dollars) in fines so far this year. The California Attorney General began CCPA enforcement on July 1st, and many businesses are now facing the threat of hefty fines.
It can be tempting to chalk this up to growing pains as businesses adapt to the new laws. While that might explain some of the incidents, the growing risk of cyber-attacks and the always-present possibility of employee error mean that fines will continue to occur if businesses don’t take active measures now to manage their data privacy.
Regarding employees, it’s important to realize that human error is the cause of many data breaches. Although few of these incidents are intentional, many are the result of phishing attacks that trick employees into giving up access to private data. The largest data breach on record to date is Yahoo’s massive leak of hundreds of millions of accounts. It was the result of a phishing attack.
A strong information privacy strategy needs to train its employees to prevent attacks. It also needs to limit the potential damage a single employee can do. Smart data management can make it so that even if an employee makes a mistake, the damage cannot spread throughout the entire organization. Even better, a tool that automates data governance and compliance, taking many data tasks out of the hands of employees, reduces human error and allows your team to focus on bigger-picture issues.
revealed that the number of individuals who care about privacy is growing rapidly. “Privacy actives,” as they are called, tend to be younger and more affluent. They’re also quite willing to abandon a company that fails to protect their data. About a third of those surveyed stated they had already taken action by switching companies or providers.
We expect the number of privacy actives to continue to grow, and it may not be limited to millennials and Gen Z. As scandals and breaches continue to mount, expect most people to become more concerned about privacy.
Aparavi’s data management platform provides solutions to these worrying trends. Our Platform is automatically updated for emerging data legislation to ensure that your data complies with the highest standards. It consolidates your data, eliminating data silos and making it possible to have a comprehensive, enterprise-wide strategy.
In addition, you can have better control over employee access to data, limiting potential damage from cyber-attacks and saving you from costly fines. With intelligent data management in place, you can proudly boast to your customers about your data practices and avoid damage to your brand. Contact Aparavi today to find out how we can help you face the information privacy challenges of 2020 and beyond.