Navigating Privacy Regulations in the U.S.


When it comes to cybersecurity and data privacy regulation, most U.S. businesses look at Europeans with a certain degree of smugness. After all, Europeans must deal with the onerous GDPR (General Data Protection Regulation). European organizations can use an individual’s data only in very specific circumstances, and they must allow individuals to exercise several rights over that data. And if a European business fails to comply with the GDPR, it can be subject to very large fines: up to €20 million (about $16.3 million) or 4% of its global gross revenue.


In contrast, most American businesses feel that they do not have to worry about such regulations. That belief is mistaken. Compliance for Americans can be far more complex than for Europeans, and it will undoubtedly get much, much more complicated.


That’s because, unlike Europe, we have a patchwork of data protection laws and regulations that come in many different flavors and can catch out the unwary or the uninformed. Europe only has one law – the GDPR.


There are four types of cybersecurity and privacy laws. Some deal only with cybersecurity, for example the NYDFS regulation in New York. Others deal only with privacy, for example COPPA (Children’s Online Privacy Protection Act). Then there are breach notification laws, and finally hybrid laws. The GDPR is an example of a hybrid law, as it covers privacy, cybersecurity, and breach notification.


The Alphabet Soup of U.S. Privacy Law


Let’s start with federal laws – not the laws passed by the U.S. Congress that apply to private parties, but the laws that apply to the U.S. ..
