For businesses in the United States, GDPR was an eye-opener. It highlighted how different the EU attitude towards data privacy was from that at home. But that difference is getting smaller. Attitudes in the United States are shifting and getting closer to the European standard. California passed a major data privacy act and other states are taking action on data privacy as well. It’s likely the federal government will step in at some point to ensure privacy requirements are consistent across all 50 states.
Businesses that were affected by GDPR and have integrated data privacy-thinking into their IT design and management processes will have a head start on complying with any new privacy requirements mandated in the US. For other businesses, the key point to recognize is that this new approach to data privacy requires new thinking about data as well as new tools and policies for managing it. Data privacy procedures need to be built into applications as they’re developed, not bolted on afterwards.
Many of the approaches taken to meet GDPR requirements can be applied to meet whatever new data privacy requirements are imposed in the US. Above all, companies need to become much more aware of the data they collect, especially where there is personally identifiable information (PII). They should collect only the information essential to conducting business, and they need to store this data with strong security around it, including encryption. There need to be tight controls around the use and re-use of data; consumers no longer accept that data collected for one purpose may be used for a new purpose at some point in the future.
In addition, businesses should assume they’ll need the ability to query and retrieve all the PII they’ve collected around an individual. They should not assume data is immutable. Data will need to be able to be corrected, and businesses need to have policies to do that and distribute the change everywhere the data is used. Applications also need to be built with the ability to delete data.
Many companies struggled to meet the challenge of GDPR because they didn’t have strong data governance controls in place. Companies that design with privacy in mind will be better positioned to comply with any new data privacy regulations that are implemented. In both cases, tools from Veritas help with discovering and managing data to protect privacy while enabling your business to work with data and grow. Contact VAST IT Services to learn more about new attitudes towards data privacy and how you should prepare your business for the upcoming data privacy laws.