Meeting Today’s Complex Data Privacy Challenges


Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above?


If you answered “all of the above,” you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned a well-intentioned requirement into a dilemma for enterprises, which the law ultimately holds responsible for noncompliance.


The critical challenge for enterprises is not how many data privacy regulations there are. Instead, it’s how to get more clarity on what the regulations require of them. Claiming success is difficult when that finish line is elusive. Here’s how organizations can navigate these challenges.


A Tangled Net of Data Privacy Regulation


In the United States, 35 of 50 states have at least considered data privacy regulation. California, New York, Colorado, Connecticut, Utah and Virginia have all enacted comprehensive consumer data privacy laws — the common thread between them being the right to access and delete personal information and opt out of the sale of personal information. While most laws are modeled after the California Consumer Privacy Act (CCPA), that regulation is being amended by the new California Privacy Rights Act (CPRA). These amendments will establish a separate state data privacy agency and require data rights requests to include employee data.


Across the Atlantic, the European Union (EU)’s General Data Protection Regulation (GDPR) grapples with its own unique challenges. For example, Ireland’s data privacy board — which serves as Meta’s primary regulator in the EU —