January 25, 2022

Data Privacy Week, January 24-28, is an annual campaign to raise awareness of protecting data privacy and information security, one of the most important workplace trends in 2022. This year’s theme, ‘Keep It Private,’ underscores the need for organizations to stay up to date with new laws and regulations, and to recognize the growing concern among consumers about how their personal data is collected, used and sold.

Important data privacy laws include:

The California Consumer Privacy Act (CCPA)

Every organization doing business in California needs to understand the CCPA, which gives individuals living in the state more control over how businesses collect, use, share and sell their personal information. This includes the right to know, the right to delete, and the right to opt-out of the sale of personal information that businesses collect, as well as additional protections for minors.

Among the law’s requirements, for-profit businesses that meet certain criteria must provide CCPA training to employees who handle consumer inquiries about company privacy practices and to anyone responsible for the business’s CCPA compliance.

Looking ahead to 2023, organizations should prepare for amendments to CCPA, and new data protection laws in Virginia (the Virginia Consumer Data Protection Act) and Colorado (the Colorado Privacy Act). Further, more than a dozen other US states have pending legislation dealing with privacy rights.

General Data Protection Regulation (GDPR)

The GDPR, which has been in force since 2018, applies to the personal information of residents across the European Economic Area or EEA. The EEA includes countries in the European Union — plus Norway, Liechtenstein and Iceland. 

GDPR applies to any organization located anywhere in the world, if it either: 

  • Processes the personal data of EEA citizens or residents, or
  • Offers goods or services to EEA citizens or residents, or 
  • Uses web tools that track cookies or the IP addresses of website visitors from EEA countries.

Beyond the GDPR, China, Brazil and Canada are among other countries that have passed data privacy laws that are or soon will become effective.

How can organizations prepare?

Organizations should develop a multi-pronged approach to complying with evolving data privacy laws and regulations and ensuring that effective systems, procedures, practices and training are in place to prevent breaches and cyber attacks that can result in significant fines, reputational damage and loss of customer trust.  

Training employees on how to properly use and protect information and recognize and avoid data security threats is a key element of an effective data privacy and information security compliance program. By raising awareness of security policies and guidelines and the importance of asking questions and reporting concerns, training helps organizations protect confidential information and foster a cyber secure workplace.

Traliant Insight

Data Privacy Week is an opportunity for organizations to promote ongoing efforts to safeguard the personal information of consumers. Beyond taking steps to secure systems, providing ongoing data privacy and information security training to all employees is key to keeping information out of the hands of criminals and keeping devices and networks safe.