There is a huge focus on data and in particular data protection not only in the U.S. but around the world. Along with data protection, another big area where there’s a lot of attention is on the use of big data in business, government and by other organizations. In order to be competitive and move forward, organizations need access to big data. As part of that access, organizations are responsible for ensuring it’s secured, but also managing it and storing it in a way that’s without silos and is streamlined.
“Before you can take advantage of all the actionable insights your data assets can offer, you must consolidate these critical information sources into a single metadata repository,” according to Unifi, a company offering data catalogs.
A big issue faced by a lot of organizations is balancing the need for accessibility of data with privacy regulations and laws. If you’re a U.S.-based company or organization, what should you know about current data regulations and protections in the U.S.?
Limitations of U.S. Law
Throughout the world, there are in-depth information privacy laws and data protection laws in place. These laws govern how information is disclosed as well as the use of information about private individuals.
More than 80 countries and territories throughout the world have adopted stringent data protection laws.
The European Union most recently introduced sweeping and comprehensive legislation regarding data protection. It’s called the General Data Protection Regulation or GDPR, in place since May 2018.
The United States contrasts with most countries around the world because there isn’t a yet a comprehensive privacy law in place. However, there are limited laws that are in place in particular areas.
How Do People in the U.S. Feel About Data Protection?
While there isn’t broad legislation yet, that doesn’t mean that some people in the U.S. aren’t pushing for it.
A study from the Pew Research Center showed that half of all people in America believe their personal information is less secure than it was five years ago. This comes as many massive companies have gone through devastating breaches in recent years including Equifax.
Deep Roots Analytics’ accidentally leaked the personal information of almost two hundred million voters in the U.S. and Uber try to cover up their breach which was believed to affect tens of millions of customer accounts.
What the U.S. has in place of broad legislation regarding data privacy and protection is instead sector-based laws that are pretty limited in their scope.
One example is the well-known Health Insurance Portability and Accountability Act or HIPAA. This is the main law in the U.S. that covers the privacy and protection of health-related data and information. There are also certain even more specific areas of healthcare that are subject to certain laws and regulations regarding privacy.
Some states have independently acted to create and enforce data and information privacy laws. California introduced a law regarding data breach notifications back in 2003. They were the first state to do so. Since that time, almost every state has introduced its own laws requiring that individuals are notified if their personal information could be compromised.
California has been leading the way for quite a while in terms of data privacy and protection, and they recently announced they were signing the California Consumer Privacy Act into law. It’s similar in many ways to GDPR, and it’s the first like it to be introduced in the U.S.
There has been an effort to move the U.S. more in the direction of Europe and the GDPR. U.S. companies are already abiding by the stipulations of this law in many cases because it applies to all EU members and it doesn’t matter where the data is actually collected.
Beyond that, the Department of Commerce in the U.S. has been working toward more comprehensive ways of addressing data privacy. However, the presidential administration has also said that in doing so, they want to also balance the needs of businesses and they’ve been critical of moves by Europe, citing concerns it could hamper commerce and trade to have such broad data privacy laws in place.
Experts on the subject feel that the future of something similar to GDPR is still uncertain in the U.S. because in general there are attitude and culture differences that could make widespread support for such a sweeping piece of legislation difficult to obtain. Even without a federal law, more states are likely to make a move toward tougher regulations guiding how data is obtained, used, stored and accessed.