

The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO’s favourite weekly read ☕️
The state of US data privacy law compliance
In May 2017, the world of data privacy was irreparably changed when four members of the Chinese military hacked into credit-reporting company Equifax, exposing the personal information of nearly 150 million Americans.
Since then, the GDPR has changed the way businesses look at compliance.
But the US is also facing drastic changes.
The CCPA has been passed, and four additional states are currently weighing up similar legislation to protect consumer privacy.
But what do executives at top American businesses think about the privacy landscape?
Well, according to a new report into what US companies think about consumer privacy:
Companies often feel they are ready for compliance, but that optimism starts to fade when it comes to applying the often unsettled regulations and granular tactics they need to effectively prepare.
Regular readers will know I’ve been screaming this from the rooftops for a while now. But the report did share some interesting findings, such as:
Over 60% of respondents say their companies are very prepared to meet new compliance standards. But, when pushed on which actions they have actually taken, less than half say they have completed the key steps to achieve this.
The biggest problems when addressing compliance are a lack of available staff (39%) and the inability to track changes and differences in regulations (60%).
59% of respondents are using biometric data, but less than 60% of these have developed compliance plans for this type of data.
Is there then a significant disparity between what executives think is happening in their business operations and the implementation of compliance?
Let’s call this the skewed perception of compliance.
The full report is definitely worth a read.
Data protection takes time
The Jamaican Data Protection Act comes into effect in November 2023.
Why is that relevant?
Well, a lawyer who is well versed in the law has said that business owners should move quickly as it takes “no less than ten months” to become compliant.
This act is thought to dig deeper than the GDPR. But this misses the point.
The point is that data protection takes time.
And the landscape is moving so quickly that businesses need to start this process before they scale.
As this article rightly points out:
A fast-paced growth environment brings about a number of challenges, including protecting customer-centric sensitive data.
As I mentioned last week, new regulations are coming into effect rapidly. Take the Jamaican example - before 2010, only four territories in the region had comprehensive data protection laws. Now there are over 15, and this is growing.
That’s why it’s imperative to start compliance now. Try and implement a system before you scale. One that will help you adapt to changing regulations around the globe.
In other privacy news
UH OH, Google is in the news regarding personal data. A sign-up process has been the subject of many GDPR complaints, whilst the company has said that it plans to delete location history data for sensitive places such as abortion clinics.
The California Department of Justice has exposed the personal information of over 100,000 gun owners.