
New age of data privacy regulation: How businesses can prepare

It’s only a matter of time before new data privacy regulation is passed, so it’s imperative that businesses prepare before it’s too late.


Every company today is collecting and analyzing consumer data. It’s estimated that American companies alone spent over $19 billion in 2018 on consumer data, according to the Interactive Advertising Bureau. This data is crucial for businesses, whether they use it to verify a customer’s identity or to analyze consumer behavior for personalized recommendations, but its collection makes consumers vulnerable to identity theft and fraud: there’s a new victim of identity theft every 2 seconds.

In the past few years, data breaches at companies like Equifax and Yahoo! have prompted consumers to increasingly scrutinize what companies do with their data, which in turn has put a spotlight on data privacy regulation.

We’ve already seen government entities at the international and state levels take action with GDPR and CCPA, but the U.S. lacks one clear federal standard. Our current laws on how data must be managed and stored are a patchwork of adjacent regulations like GLBA and HIPAA — they add some guidance on how data must be stored, but in order to protect consumers, we need baseline regulation on enforcing security measures and safeguards.

The Biden Administration has an opportunity to create these standards, which will provide clarity for businesses as well as protect consumers. GDPR set a fantastic foundation for us to learn from, and while GDPR is not perfect, businesses can expect the U.S. framework to follow in its footsteps. They can start preparing now for new policies on the horizon that highlight encryption as the preferred mechanism.

Regulation expectations

Following in the footsteps of the GDPR framework, the Biden Administration is likely to enact regulation that will determine how businesses should store and manage data, enabling more rights for consumers around Data Subject Access Requests (DSARs), opt-outs, and redaction, ultimately putting consumers back in control of their data. Implementing policies aligned with the principle of least privilege to ensure data access is confined only to those who need it should be a priority for new regulation as well. This will decrease the potential for identity theft and fraud.

While solid federal baseline regulation is important, we’ll also continue to see states implement their own regulation. Illinois established the Data Transparency and Privacy Act, and California recently passed CPRA to significantly expand consumer rights around data protection. State regulation enables the entire ecosystem to evolve at a faster pace, as enacting federal regulation is a slow process. It allows for experimentation and sets a precedent that can be mimicked if it succeeds. However, the benefits of state-by-state regulation also bring new challenges in keeping up with multiple and differing laws that companies must navigate.

How to prepare

While both federal and state-by-state regulation will be an important step forward for consumer privacy, it will make compliance even more costly and nuanced. As companies struggle to adapt, we will see an increased number of privacy violations, and fines will only get more expensive. Companies must prepare before laws are put in place to avoid compliance issues, and the right identity infrastructure is integral to success.

First and foremost, businesses must centralize their data. Storing data in many different places makes it difficult to track down and therefore hard to comply with regulations. And while data stored in one place can seem scary — what if there is a breach and hackers can access everything? — with the right security infrastructure, centralization will be key in helping comply with the regulation.

Automating the decision-making process for data management will be an important aspect of that infrastructure as well. Removing humans from the review of sensitive data and the fulfillment of consumers’ data requests diminishes the risk of fraud. Both centralization and automation will enable businesses to quickly and securely manage and store data as well as execute redactions, DSARs, and opt-outs without mobilizing an entire engineering team.

Oftentimes, companies won’t have the resources or the technical expertise to create this infrastructure. At Persona, we provide that identity infrastructure, which we’ve built with privacy at its core. We enable our customers to comply with regulations from the beginning by designing our platform to limit access to sensitive data. We have a fully automated, centralized solution that acts as a “PII custodian” of sorts to protect customers from liability while having data easily accessible when necessary. Without humans reviewing end-users’ sensitive verification information, Persona ensures data access is shared with only those who need it, like access-granted employees of a given organization. We also allow customers to set custom retention and redaction policies so they can automatically redact customer data and stay compliant with the laws in place.

It’s only a matter of time before new data privacy regulation is passed. It’s an exciting step forward for consumers and businesses alike, but it’s imperative that we prepare before it’s too late.
