01 Jun 3 New Privacy Regulations You Need to Know About
3 New Privacy Regulations You Need to Know About
15 June 2020 · 3 min read
The General Data Protection Regulation (GDPR) in Europe and the most recent California Consumer Privacy Act (CCPA) in America have sent waves through the digital, legal and business world. Over 1 billion dollars in fines have already been extracted by regulatory enforcers, and the onslaught of new privacy and cybersecurity regulations shows no sign of stopping.
Each regulation has different compliance requirements and areas of influence. It’s crucial for organizations to understand both current and upcoming privacy regulations to avoid heavy fines, a damaged reputation and lost clients.
New York’s Stop Hacks and Improve Electronic Data Security Law (NY SHIELD)
- What: The NY SHIELD Law is designed to regulate how businesses and organizations protect customers’ personal information.
- Where: The SHIELD Law covers any entity, including for-profit and nonprofit organizations, that collects the private information of New York residents, regardless of size or location.
- When: The SHIELD Law has gone into effect on March 21, 2020.
- Requirements: Under the SHIELD Law, organizations must implement reasonable administrative, technical and physical safeguards to protect personal data.
- Penalties: Each violation of the SHIELD Law can result in a fine of up to $5,000.
Illinois’ Data Transparency and Privacy Bill (DTPA)
- What: Inspired by the CCPA, the DTPA Bill aims to protect customers’ personal information.
- Where: The DTPA would apply to businesses conducting operations in the state of Illinois that involve collecting and disclosing personal information.
- When: If passed, the DTPA would go into effect on July 1, 2021.
- Requirements: The DTPA would give customers the right to know what personal data is stored and who else has access to it, as well as the right to opt out of data collection, the right to correct inaccurate personal information and the right to have their information deleted. Additionally, businesses would be required to conduct risk assessments on activities related to the processing of personal data.
- Penalties: Each violation of the DTPA could result in a fine of up to $1,000.
It’s crucial for organizations to understand both current and upcoming privacy regulations to avoid heavy fines, a damaged reputation and lost clients.
European Union’s ePrivacy Potential Regulation
- What: The ePrivacy Regulation is expected to replace the EU’s 2002 ePrivacy Directive, with a focus on protecting electronically transmitted data.
- Where: The ePrivacy Regulation, in tandem with the GDPR, will likely be uniformly enforced across EU member states.
- When: The ePrivacy Regulation is in advanced stages of preparation, but is not expected to go into effect before 2023.
- Requirements: To comply with the new ePrivacy Regulation, organizations including network and service providers will need to obtain consent to collect cookies and metadata for marketing purposes. Additionally, marketing calls will need to be clearly identifiable and will also require consent. Lastly, organizations will be obliged to treat electronic data, metadata and voice recordings as confidential.
- Penalties: Violation of the ePrivacy Regulation, similar to the GDPR, will result in a fine of up to 4% of worldwide revenues or 20 million euros, whichever is greater.
Navigating the Shifting Tide of Privacy Regulations
We live in a world where privacy regulations are becoming more stringent by the day. A single violation of any privacy law can result in a massive fine, loss of customer trust and irreparable damage to an organization’s reputation.
Fortunately, the right technology can make the process of privacy compliance efficient, secure and automatic. Start today by learning more about Prosperoware CAM, an enterprise privacy management platform for content systems, built on a unique approach linking process with governance.
CAM supports iManage, NetDocuments, Office 365 (Microsoft Teams & SharePoint Online), HighQ, and many more to come. Our platform enables organizations to improve processes around management of office documents and reduce risks related to privacy & cybersecurity.