GDPR, CCPA and the NIST Privacy Framework, OH MY!

Like Dorothy in The Wizard of Oz, those of us concerned with privacy regulations seem to be following a yellow brick road, although where this one ends there is no all-powerful, all-knowing man behind the curtain. (Be warned, I’m going to hit this “Lions and Tigers and Bears” analogy hard throughout the post.)


Much like Dorothy, the Tin Man and the Scarecrow, who quickly determined that the Lion was cowardly and had no teeth, most US-based SMBs quickly learned that the initially frightening GDPR Lion was a bit “toothless,” as there was little practical way for an EU supervisory authority to penalize a company with no EU presence for noncompliance. So many SMBs largely ignored it.


Further down the yellow brick road, despite their fears, Dorothy, the Tin Man, the Scarecrow and the Cowardly Lion were fortunately spared from any Tigers. SMBs were not so lucky. CCPA pounced shortly after the GDPR Lion joined us, and this Tiger has teeth (the California Attorney General, who can bring enforcement actions). Thus, we have reason to keep a firm grip on this Privacy Tiger’s tail for fear of getting bitten.


As they continued further down the yellow brick road, Dorothy, the Tin Man, the Scarecrow and the Cowardly Lion were even more fortunately spared from encountering any Bears. Alas, SMBs are not so lucky, as they met a bear of a standard: the NIST Privacy Framework.