P2P

Summer22

Peer to Peer: ILTA's Quarterly Magazine

Issue link: https://epubs.iltanet.org/i/1472128

Contents of this Issue

Navigation

Page 16 of 92

O ver the past several years, there has been much consternation about two game-changing privacy laws: the EU's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). GDPR, legislation enacted four years ago in response to the USA Patriot Act and concerns that the US government had given themselves carte blanche to access data from any US servers anywhere in the world, has had mixed reviews, with many still unsure about application and "punishment." Businesses subject to the CCPA, and who sprinted to get into compliance by January 1, 2020 effective date, are now in the middle of a secondary readiness assessment and have to remap their previously-deployed processes and technical solutions to meet requirements under The California Privacy Rights Act (CPRA), also known as Proposition 24, and sometimes referred to as "CCPA 2.0", to avoid penalties for regulatory enforcement and/or private enforcement/penalty rights. Gartner predicts that by the end of 2023, modern privacy laws will cover the personal information of 75% of the world's population. Indeed, privacy regulations are sprouting up quickly, with more than 30 states (including New York) considering consumer privacy bills and the International Association of Privacy Professionals' (IAPP) state privacy legislation tracker reporting 17 US states with pending data privacy legislation. As of this writing, five states (California, Colorado, Connecticut, Utah and Virginia) have specific data privacy protections on the books. Recently passed global privacy laws such as China's Personal Information Protection Law (PIPL) are also adding to the complexity, and each regulation varies on what rights and obligations apply. With so much new legislation to navigate, how are you supposed to keep track of which way is up or down? Here we'll dive more into security and privacy across the US, preparing clients for how this affects them, and tips for getting a handle on privacy laws. Privacy vs Security Privacy and security are often referred to as siblings when it comes to how they relate and depend on one another. Data privacy is focused on the use and governance of personal data — things like putting policies in place to ensure consumers' personal information is being collected, shared, and used in appropriate ways. Security focuses more on protecting data from malicious attacks, bad actors, and the exploitation of stolen (or lost) data. While security is necessary for protecting data, it's not sufficient for addressing privacy. Utah Trendsetters? In late March 2021, Utah enacted the Utah Consumer Privacy Act (UCPA), becoming the fourth state after California, Colorado, and Virginia to enact its version of data privacy protections. This time, however, lawyers are noticing some key differences from preceding laws — the Utah regulation poses fewer obligations to businesses than other ones around the country. Some lawyers think Utah's business-friendly approach may set the tone for other states given the difficulty of local privacy laws and the need to balance consumer and business interests. Will the Utah law signify a trend of more "fairness" to consumers and businesses alike, and/or more privacy bills that do away with the more highly-contested rights? If so, we might see more states go down this path of less resistance. The potential trend of eliminating contentious obligations is evident in the UCPA which omits a right of appeal to consumers, a right of correction to consumers, and a data privacy assessment requirement. This "relaxed" enforcement helps companies as they harmonize against 17 I L T A N E T . O R G

Articles in this issue

Links on this page

Archives of this issue

view archives of P2P - Summer22