2019 The Year of Data Regulations

Data regulation is now a strong, permanent feature of the IT landscape.

Over the past year, a series of sweeping regulations has come into force, bringing change to entire industries.

Global business will have to operate in a new data environment in 2019. With the year coming to a close, this is the opportune time for companies to review the most important laws governing digital data.

GDPR
The EU’s General Data Protection Regulation (GDPR) was a game changer for Europe. While earlier laws governing digital information prohibited specific infractions, GDPR was a paradigm shift, forcing organizations to completely revamp their practices and institute privacy by design. However, in the six months since entering into law, the effects of GDPR have been minimal. While many companies have instituted changes to their protocols, the fundamental shifts regulators hoped for have been slow to come about.

Many experts are saying that it’s just a matter of time. Heavy fines from GDPR violations haven’t yet been reported. Additionally, the infrastructure of enforcement simply hasn't had time to come into its own. 2018 was GDPR’s year of codification. 2019 will almost certainly be the year of enforcement.

California Privacy Act
Back in June, privacy advocates succeeded in one of the fastest legislative maneuvers in history by passing the California Consumer Privacy Act (CCPA). Under the law, data collectors are now obliged to honor “the right to opt out,” essentially the ability for users to object to their data being distributed or sold. Companies will also be required to “maintain reasonable security procedures and practices appropriate to the nature of the information”, i.e., the more sensitive the information, the more protection it requires.

California’s privacy regulations will not become law until January of 2020. However, the more immediate effect of CCPA is its influence on the larger debate over US data laws. The regulations are likely to fuel the efforts of privacy advocates across other states. Even discussions on federal privacy laws have been influenced by the CCPA.

National Breach Notification Law
The Gramm-Leach-Bliley Act, commonly known as GLBA, has been on the books since 1999. The Act was revolutionary for its time, being one of the earliest data regulations in the modern era. The federal law requires financial institutions to explain how they share and protect their customers’ private information. Compliance with GLBA is not particularly demanding. The main section of the law, the Safeguard Rules, requires companies to have an employee designated for data security, maintain a security program, and test it somewhat regularly.

A few months ago, the House Financial Services Committee introduced a bill that would profoundly amend the GLBA. These new rules would supersede a multitude of the state-level laws currently governing data collection, possibly putting an end to major regulations such as New York’s DFS regs. Perhaps the biggest change would be a “national breach notification law” for the financial industry. As the name would suggest, the notification law would require companies to notify users of a breach within a very short time period after it’s identified.

Cybersecurity and Infrastructure Security Agency Act
President Trump signed the Cybersecurity and Infrastructure Security Agency Act (CISA) into law in mid-November.

The repercussions of this bill turning into policy were tremendous. CISA essentially codifies the notion of data security being critical national infrastructure, and authorizes the administration to protect it as such. Under CISA, the Department of Homeland Security was charged with assessing risks and threats associated with data systems, and forcing organizations to comply with safety measures. This important law has had little time to get off the ground. 2019 will be the year the U.S. begins to feel the repercussions of CISA.
