The May 25th EU GDPR deadline might have been less than 2 months ago, but it’s clear that the ripples from the groundbreaking act have already begun to make their way “across the pond” into the United States. This was evident just last month when The Golden State unveiled their “California Consumer Privacy Act” which sets restrictions on how organizations harvest and use data, and perhaps kicking off the beginning of the aptly named “Privacy Movement.”
In what could end up being the first major domino to fall in the US, this legislation has the potential to, “…generate new momentum for privacy initiatives at the federal level as well as in other states.”
California isn’t the first state to put a heightened importance on people’s privacy, though. In fact, Vermont just recently “…passed the country’s first law regulating data brokers, which are essentially companies that sell people’s information.”
And it’s worth noting that there could be renewed interest in previously proposed privacy bills, like the “Social Media Privacy Protection and Consumer Rights Act of 2018” designed to regulate Facebook and Google’s data collection, and the “Browser Act” which would put consumer privacy protections in place for internet users.
No matter your political viewpoints or whether you agree with these bills or not, this is big news for companies that store data (i.e. pretty much everyone).
As the great Bob Dylan once said, “The Times They are a Changin’.”
Organizations are no longer getting a free pass when it comes to what data protection tools they have in place and complacency or ignorance will not be tolerated. Consumers today are more informed about and invested in the protection of their data. Assuming this trend continues, in the very near future, it will be up to organizations all over the world to safeguards in place to protect it, likely facing steep fines if compliance is not met.
Simply knowing who has access to it and what they’re doing with that access should be the crucial first step.