As new
privacy regulations are continually evolving, companies will invest more in
privacy technologies to gain users trust and avoid penalties.
Data subjects
under the Privacy Rule are becoming more conscious about their rights and
wanting to safeguard their personal information. It is no surprise to see
countries around the world adopt data privacy regulations, which outline the
rights consumers and employees have to personal data usage by businesses,
impose penalties for breaches of personal data, and require businesses to keep
data only as long as necessary.
To guard
against the risks of identity theft and other cybercrime, governments across
the globe, as well as in the United States, have passed laws protecting
personal data. These efforts started as a trickle, responding to an early
threat from cybercrime and identity theft, but now they have grown into a
torrent of requirements, which vary from Europe to South America to California
to New York.
This
legislation expands the reach of consumer privacy and provides better
protections for people against data breaches to their personal information.
In
America their new bill substantially strengthens the existing data security
laws, expanding what types of personal data companies must inform consumers
about if they are exposed to a breach, and requires companies to establish,
implement, and maintain reasonable protections to safeguard the privacy,
security, and integrity of personal information.
The act
contains some similarities with provisions in the European Union’s General Data
Protection Regulation and the California Consumer Privacy Act. In some aspects
the new bill is very similar to the General Data Protection Regulation (GDPR)
and other privacy legislation around the world.
The CDPA
provides certain rights similar to those of GDPR, as well as requirements on
data protection and contractual provisions. In addition to creating rights
schemes after individual rights in the GDPR, the CDPA requires provider data
security and contract provisions, as well as assessments of high-risk
treatment. CDPA similarly creates rights patterned after those of GDPR,
requiring data minimisation, security, and assessments for high-risk
processing.