The European Union’s (EU) General Data Protection Regulations (GDPR) came into action in a little over a year ago, and have since been stirring up questions about data protection in other parts of the world. The United States has finally decided to take some initiative to secure American’s privacy by holding hearings regarding a federal data privacy framework. While the Senate members on both ends of the political spectrum agree that privacy is needed online, there is some controversy about how to go about it.
Current Data Privacy Laws
The National Conference of State Legislatures states that there are currently at least 25 states that have data protection laws relating to private sector entities. The majority of these laws require businesses who own, license or maintain the personal information of a resident of that state to have reasonable security procedures and practices. In addition, personal information must be protected from unauthorized access, destruction, use, and modification. The current laws can fall into one of four categories:
The Most Influential States
While each state has its own version, the standard against which the federal law will be measured is the California Consumer Privacy Act (CCPA). This Act follows the GDPR very closely and has three major goals it hopes to accomplish:
California is not the first to implement more stringent laws. Vermont currently has a data broker law that requires data brokers, who sell consumer information to hundreds of sources, to register with the state. They are also prohibited from using that information for fraud and will be charged with a criminal offense if they do so.
The Biometric Illinois Privacy Act requires that companies obtain consent from individuals if they will disclose biometric identifiers, and must store them securely and destroy them in a timely manner.
Early Attempts at Data Security
One early attempt at a privacy bill was the American Data Dissemination Act, which would require the Federal Trade Commission (FTC) to submit detailed recommendations for privacy requirements. These would be passed on to Congress, who would decide on the recommendations and impose them on tech companies. This bill failed as it did not adequately address the problem at hand.
Senators from the House Committee on Energy and Commerce have already held a hearing in February where they pitched what they believe should be contained within a federal privacy bill. It seems that all lawmakers want data privacy laws that encompass all categories rather than specific coverage like the HIPAA laws.
Some of the points of contention in the hearing were:
No Solution with the Clock Ticking
There has still been no official move to create a federal data privacy law as both political parties are arguing over how strict the bill should be. Among the many issues brought up at the hearing, senators also take issue with individuals suing companies over data misuse, saying it would perpetuate a culture of constant legal battles. The solution was to hire a regulator to enforce the rules, thus removing the need for legal action.
The Senators hope to pass a federal law before the CCPA takes effect on January 1, 2020, to effectively overrule California’s law. With time running out, if a federal law is not created soon, the nation may look to the west coast as the default data privacy regulations.
With Secure Data, you do not have to worry about your privacy being compromised. We are an SSAE 18 audited company and operate a Class 10 ISO 4 Cleanroom for all of our data recoveries. We take the highest precautions to protect your personal information throughout the recovery process and send your information back on hardware encrypted and FIPS 140-2 Level 3 validated secure storage solutions. For more information on our practices, call 1-800-388-1266.