In a few years, U.S. based IT professionals may look back at the European Union’s General Data Protection Regulation (GDPR) and wish they had something as easy for their data governance regulation. California’s Consumer Privacy Act (CCPA) is part of the reason. CCPA is a refinement of GDPR; it has more severe fines and is more specific about data protection, regulation, and security. Unlike GDPR which a US business could rationalize (incorrectly) ignoring because it is just a European regulation, CCPA impacts any business doing business in California, which while it is not every US business, is a lot more than those impacted by GDPR.
Where is the Nightmare
An advantage of states is that a US citizen can move easily from one state to another without much effort. However, we already have an issue with healthcare portability, and if each state adopts its own data privacy regulations, we will have a data portability problem too. Does the policy for the citizen apply to the state in which the citizen currently resides or in the state in which the citizen resided when the data was created?
The Commerce Clause May Save Us
The US has this sometimes ignored document, the US Constitution, in which there is a commerce clause. Congress has used this clause to justify exercising their legislative power over the activities of states and their citizens. While the use of this clause for these purposes has led to controversy, it seems an appropriate application when it comes to data privacy regulations. The US Congress will eventually need to step in and pass one data privacy mandate that organizations can apply consistently to all US citizens.
What to Do in the Meantime?
The road to a national US data privacy legislation is going to be long and bumpy. IT professionals need to prepare. At a minimum, they need to look at something other than backups for data retention and management. Ideally, they should seek out a solution that provides insight into the protected data, enables the finding and deletion of discrete parts of protected data and provides data management over primary data. Knowledge is power. Understanding what data the organization is storing, who owns that data and how sensitive that data is are all key to creating a strong foundation for data privacy.
Storage Switzerland has a lot of resources available for organizations looking to get ahead of the impending data privacy nightmare. A great place to start is our eBook “GDPR IS FOR EVERYONE – Designing a Data Privacy Infrastructure,” which is available as an attachment to all attendees of our short 15-minute webinar “Talking GDPR and CCPA.” In the webinar, we discuss the differences between GDPR and CCPA and how they specifically impact IT. Click here to sign up to watch the webinar and to access your free copy of “GDPR IS FOR EVERYONE – Designing a Data Privacy Infrastructure.”