Author: SCCE / Source: The Compliance and Ethics Blog
By Alex Wall, Esq., CIPP/US CIPP/E
Senior Global Privacy Officer
RADAR, INC. https://www.radarfirst.com/
Privacy laws at the state and federal level are a changin’. The latest emerging developments I’ve seen are: increasing stringency in state laws, varying penalties for noncompliance across state jurisdictions, and recent federal penalties. What these laws could mean for future enforcements can be angst-inducing.
With that in mind, I want to reiterate a few words of encouragement I have for privacy professionals ere working hard under strained resources in a constantly changing landscape: You are doing good and important work. In the privacy profession, we are charged with protecting our organizations and protecting consumers by determining best practices for protecting data, selecting what data can be used, and in what way we can use that data. This is no small task. When it comes to thinking about how data needs to be managed in rapidly evolving environments, privacy professionals are at the forefront.
Major Takeaway: Overall Increased Stringency and Complexity
As anyone in the privacy profession will likely opine, working with sensitive and regulated data does not appear to be getting any easier anytime soon. Consider:
- At a state level, data breach notification laws are becoming increasingly complex and stringent. More states are shoring up the parameters, which might require notifications to agencies and impacted individuals, including when and how these notifications take place.
- If you’re not compliant with state notification requirements, penalties for noncompliance in each state are similarly complex and vary widely. Some states may allow for several potential consequences and large maximum fines, while others may be more ambiguous in enforcement of penalties. Dealing with multi-jurisdictional data breaches could mean compounded penalties.
- Early January of 2017, the Office for Civil Rights (OCR) announced the first ever enforcement settlement for lack of a timely breach…
Click here to read more