The US Version of GDPR Will Be a Nightmare

In a few years, U.S.-based IT professionals may look back at the European Union’s General Data Protection Regulation (GDPR) and wish they had something as easy for their data governance regulation. California’s Consumer Privacy Act (CCPA) is part of the reason. CCPA is a refinement of GDPR; it has more severe fines and is more specific about data protection, regulation, and security. Unlike GDPR, which a US business could (incorrectly) rationalize ignoring because it is just a European regulation, CCPA impacts any business doing business in California. That is not every US business, but it is a lot more than those impacted by GDPR.

Where Is the Nightmare?

The problem is that the US didn’t take the lead on data privacy at the federal level, leaving California, and soon other states, to their own devices to create their own data privacy policies. The nightmare scenario is 50 states each creating its own data privacy policy. Imagine having to align with 50 different GDPR-like policies. Data management applications will need a specific policy for each US state and will then need to apply the policy of the state in which the customer or employee lives.

An advantage of having states is that a US citizen can move from one state to another without much effort. However, we already have an issue with healthcare portability, and if each state adopts its own data privacy regulations, we will have a data portability problem too. Is the policy that applies to a citizen the one from the state in which the citizen currently resides, or the one from the state in which the citizen resided when the data was created?

The Commerce Clause May Save Us

The US has this sometimes-ignored document, the US Constitution, in which there is a commerce clause. Congress has used this clause to justify exercising its legislative power over the activities of states and their citizens. While the use of this clause for these purposes has led to controversy, it seems an appropriate application when it comes to data privacy regulations. The US Congress will eventually need to step in and pass one data privacy mandate that organizations can apply consistently to all US citizens.

What to Do in the Meantime?

The road to national US data privacy legislation is going to be long and bumpy. IT professionals need to prepare. At a minimum, they need to look at something other than backups for data retention and management. Ideally, they should seek out a solution that provides insight into the protected data, enables the finding and deletion of discrete parts of protected data, and provides data management over primary data. Knowledge is power. Understanding what data the organization is storing, who owns that data, and how sensitive that data is are all key to creating a strong foundation for data privacy.

Storage Switzerland has a lot of resources available for organizations looking to get ahead of the impending data privacy nightmare. A great place to start is our eBook “GDPR IS FOR EVERYONE – Designing a Data Privacy Infrastructure,” which is available as an attachment to all attendees of our short 15-minute webinar “Talking GDPR and CCPA.” In the webinar, we discuss the differences between GDPR and CCPA and how they specifically impact IT.


Twelve years ago George Crump founded Storage Switzerland with one simple goal: to educate IT professionals about all aspects of data center storage. He is the primary contributor to Storage Switzerland and is a heavily sought-after public speaker. With over 25 years of experience designing storage solutions for data centers across the US, he has seen the birth of such technologies as RAID, NAS and SAN, Virtualization, Cloud and Enterprise Flash. Prior to founding Storage Switzerland, he was CTO at one of the nation's largest storage integrators, where he was in charge of technology testing, integration and product selection.
