Despite their importance, not everyone knows what data privacy laws are. In short, data privacy laws are all about prohibiting the disclosure or misuse of information of private individuals, and being compliant with data privacy laws is extremely important.
To date, there are over 80 countries that have varying degrees of data security laws in place. Most noteworthy is the European Union's recent enactment of the General Data Protection Regulation (GDPR). The United States, on the other hand, is somewhat notorious for not having a similar, comprehensive set of data privacy laws, but instead, some limited sectoral laws in some areas, based on the Fair Information Practice.
Basic Principles of Data Privacy
Despite the differences that may occur, some basic principles apply everywhere in the US.
- There needs to be a stated purpose for all data collected.
- The data collected cannot be disclosed to other individuals or organizations unless authorized by law or by consent.
- Record keeping should be accurate and up-to-date.
- There need to be specific mechanisms that will allow private individuals to review their data to ensure its accuracy.
- When the stated purpose is no longer relevant or needed; delete all the collected data.
- It is prohibited to send data where the same data privacy laws do not apply.
- Except for some extreme circumstances, data such as religion or sexual orientation cannot be collected.
Special Conditions for SMEs
SMEs are concerned whether they are, in fact protecting their client's data and whether they are in compliance with Data Privacy Laws. Here are several other conditions/reasons why SMEs are concerned.
- Their IT budgets may not be big enough or may be lacking the specialized workforce to implement sophisticated security solutions correctly.
- SMEs may be using cloud-based services
- Even if the cloud provider may handle the data, the responsibility to provide security still falls on the SME.
What's more, many of these businesses may not even be aware that they use cloud-based services - in which case they need to comply with these regulations. If you are using Gmail or Outlook.com, you are using the cloud.
All of the requirements presented above will only become more binding and rigorous with time, right alongside the seriousness of the data breaches, themselves.
It is also important to remember that a data breach can also cause more damage to a business than the direct value of the loss. First, there are the personnel costs related to the recovery. Then, we have others such as post-incident costs used for improving customer relations, the brand image, the investigation, plus the many years needed to protect your customer's credit.
The legal costs involved, such as fines, fees, and civil suits should also be mentioned here. Also, let's not forget about the value of lost customers which can quickly send an SME out of business.
Going forward, SMEs need to remember that there are many clearly defined requirements, both legal and financial, for providing adequate protection for your clients' data. As times goes on and digital threats become more and more prevalent, security measures will become more stringent, while providing data security will become another cost of doing business.
If you want to keep yourself up-to-date, please feel free to check out our website. Our IT professionals and engineers have 23 years of combined experience and are more than qualified to find solutions to all of your security concerns. Contact us today to schedule an assessment.
September 17, 2018
Data Loss and Privacy Laws
In today’s modern interconnected world, it’s almost impossible to work […]LEARN MORE