Page 77 - Cyber Warnings







Privacy Babel: Making Sense of Global Privacy Regulations



In the world of data privacy, the European Union General Data Protection Regulation has
grabbed all the headlines. As much of a landmark piece of legislation as the EU GDPR is for any
company or organization that stores or processes EU citizen data, it’s by no means the only one
that global organizations must now navigate.
US regulators such as the FCC and FTC are stepping up their game to regulate digital identity,
while in Canada, Australia and Singapore as well as Russia, privacy requirements are tightening
up — and getting some teeth.

While in the US, federal agencies like the FTC, FCC and even sectoral regulatory bodies
like the SEC, CFPB and FINRA have become more vigilant around privacy enforcement, individual
states are also becoming more proactive around privacy and consumer data protection.
The latest example is the expansion of the Florida breach notification requirements under FIPA
(The Florida Information Protection Act), which now mandates that the state Attorney General
is notified in the event of a breach, and that covered organizations consult with local law
enforcement.

Globally, some 65 countries have either passed new privacy legislation in the last year or have
legislation pending — including China and Brazil. The impetus for the growing emphasis on data
privacy and protection is more widespread consumer unease about the impact of digital business
on the privacy of their data — compounded by ongoing breaches to extract personal data.

Regulators and legislators across the globe are intensifying efforts to spell out requirements for
collecting, storing, processing and sharing consumer and customer data.



The Cost of Negligence
Regardless of the jurisdiction or the point of
departure for regulators, the point of commonality
is that organizations must demonstrate
responsibility and transparency in the storage,
processing and transfer of private data, and
operate on the basis that they are now custodians of
personal and private data.

Along with clear statements of intent for data
collection and consent from consumers and customers, organizations must provide a privacy
policy.


The specifics of the legislation — whether in terms of consumer rights such as the “right to be
forgotten”, data retention requirements or the need for data privacy officers — may vary widely by
77 Cyber Warnings E-Magazine October 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
