
The Ground is Shifting! The Changing Privacy and Regulatory Landscape


Richard Mendoza, Senior Director, Data Privacy & Regulatory Compliance, Realogy
The General Data Protection Regulation (GDPR), enacted in 2018 in the EU, changed the face of data privacy not only in Europe but around the world. It sparked a paradigm shift in how nations process, transmit and store personal information. The social media explosion experienced across the world gave people a vehicle to share and post information about themselves and their lives. This was great for these platforms, as it created endless free content, but it laid the groundwork for a great reckoning, starting with the GDPR and, domestically, with the enactment of the California Consumer Privacy Act (CCPA).
The data privacy principles ingrained in several regulatory measures governing users' personal information gave data subjects rights and recourse when information is used outside of how it was collected, stored longer than needed, or sold to marketers. The client/consumer “bill of rights” concept has put the data subject back in control of their personal information. Organizations have been hoarding consumer data for decades and are now being forced to shift their policies, procedures and culture; it has been a tectonic shift, and the shockwaves are massive. Most organizations are not positioned to handle the requests and tasks associated with these laws, and with many states jumping on the GDPR/CCPA principles, it is straining budgets and shining a light on the immaturity in this space.
Another major change is the move away from Personally Identifiable Information (PII) to Personal Information (PI). The importance of this shift in thinking cannot be overstated, and its tentacles touch every aspect of the private and public sectors. The mind shift to the realization that every data point about the “natural” person needs to be protected at the highest level is earth-shattering. We have been told for years that if the data was not your Social Security number, driver's license, or credit card number, you had nothing to worry about. This is no longer true in this new millennium: your email address, if released, could pose harm to a person, and it must be protected.
Finally, what is the recourse of states if you decide to disregard these regulatory controls? Well, the punitive damages can be severe, but the potential private right of action could put your organization in a never-ending hamster wheel of litigious activity. The ultimate costs of the fines, legal discovery, and remediation could push into the millions. If you think that sounds bad, it gets worse! Many states are using these new laws as potential revenue generators, and with the financial impact of COVID-19 being felt in every sector, states are looking for ways to fill those budget gaps. What better way than to do it under the guise of protecting people's data?
How do we safeguard ourselves and place our organization in a defensible position when the regulators come knocking? I have a few suggestions that can assist you in this journey.
Remember, there is no perfect approach to solve this problem, but these steps will position you and your organization to respond to an inquiry:
• Encrypt data in transit and at rest
• Mask/obfuscate PI in unsecured development regions
• Have a process and infrastructure to respond to data subject access requests
• Delete data after its usefulness has ended, and do it automatically
• Have evidence of your controls. Trust but verify!
Doing these things, along with other proven data security techniques, should provide your organization with a defensible approach in the event of a regulatory matter.
