By now it's safe to assume you've heard of GDPR and maybe even CCPA (especially if you're operating in California), but do you really know what they mean? Or if they apply to you? Or to your business? In a world where we increasingly share personal information we must reject the idea that privacy is outdated. In fact, we need it now more than ever.
If you run an enterprise retail operation, you know that your business collects data: LOTS of data. Data about your customers, data about your employees, data about your partners, etc. Even modest-sized retailers can hold millions of records of information.
You might think that your business owns that data. You collected it, you paid for it, it should belong to you, right? Wrong. Laws are changing. If the data that your business collects is information about individual consumers, it probably does not belong to you. It belongs to the individual. Even though the data resides on your computer, even though you paid for it, even if it is information that is unique to your business, if it describes a real person, it belongs to the individual, not you.
This is because legislators all over the world are rushing to pass new consumer privacy laws. Laws like the EU General Data Privacy Regulation (GDPR) or the California Consumer Privacy Act (CCPA) create a new fundamental human right, the right to control your data. These laws say the data about individuals belongs to them, not to the companies that collect the data. And the lawmakers are giving these laws teeth. Companies face millions of dollars of penalties for failure to comply.
That means all of that information that you are storing on your computers could be toxic to your business.
Many of you reading this might say, “this can’t really apply to my business, can it?” The answer is maybe. But even if you aren’t affected right now, be assured it’s coming.
In the United States at the time of writing this article, there is no single, comprehensive federal law that regulates the collection and use of personal data. But there is an “alphabet soup” of overlapping federal and state data privacy laws that have been established, including HIPAA, FCRA, FTCA, GLBA, and CAN-SPAM. (Extra credit for anyone who knows without looking on the Internet what each of those acronyms stands for!) This means that the majority of businesses operating in the USA today face some form of federal data protection regulation.
In addition to the alphabet soup of federal laws, there are also numerous state laws that regulate data protection. In addition to the California CPA law, 13 additional states including Florida, Massachusetts, and Texas have data protection bills currently moving rapidly through the state legislatures to become laws.
This means that over the next several years, virtually every business in the USA will be required to operate under some form of consumer data privacy regulation.
If you’re operating a field service company, that means you too.
Although each of these regulations uses different language, different penalties, and different applicability, each of the regulations basically tries to establish a set of fundamental rights that protect citizens from others using their data in ways that are detrimental to the individual. This set of fundamental human rights in some ways forms a Personal Privacy Bill of Rights based on the following principles:
Control – Individuals have the right to be able to control how organizations collect and use their personal data.
Transparency – Individuals have the right to easily view and understand what information businesses are collecting about them and how they are using that information.
Accuracy – Individuals have the right to cause organizations to correct any inaccuracies in the data collected and used about them.
Deletion – Individuals have the right to cause an organization to delete information collected about them and to “be forgotten”.
Purpose – Individuals have the right to require organizations to only collect and use data about them within the reasonable context and purpose of the business.
Security – Individuals have the right to require organizations to keep the information they collect secure and free from access by unauthorized parties.
In the words of Douglas Adams, “Don’t Panic”.
In our next post we'll cover things you can do to minimize your exposure, minimize your costs by automating your compliance, and turn data protection into a competitive advantage for your business.