On July 8, Colorado became the third US state (after California and Virginia) to pass a consumer data privacy law. As of this writing, 27 other states have some kind of legislation moving through state legislative chambers, and federal lawmakers are considering at least one data privacy bill (see Figure 1).
What’s more, the Consumer Financial Protection Bureau (CFPB) gave notice of advance rulemaking last October for regulations that would require financial institutions to grant ready access to customers’ financial data.
Figure 1: Current US data privacy laws and bills (via the International Association of Privacy Professionals)
So what does this mean for your business? If you serve customers or clients in the United States, it’s time to get serious about figuring out how you will comply with data privacy regulations and laws.
In this post, I’ll explain what data privacy laws and regulations typically require businesses to do and how businesses can stay in compliance by adopting data governance best practices.
Data Privacy Laws and Regulations: What They Require of Businesses
While the specifics of the various data privacy laws on the books (and under consideration) vary, most of them require businesses to do some version of the following:
State laws also define which businesses must comply with these laws. Typical criteria used to determine whether a business is required to stay in compliance include…
For many businesses, the prospect of complying with such laws is daunting not because following these guidelines would upend their business practices but simply because they don’t have a clear way of knowing these things about their customers and revenue.
In other words, for companies that don’t have a handle on their own data, complying with laws designed to protect their customers’ data is nearly impossible. The good news is that data governance can help.
Read more in our whitepaper A Common Good: How Data Governance Benefits Companies and Protects Consumers
How Data Governance Facilitates Data Privacy Law Compliance
If you’re not familiar with the basics of data governance, the high-level summary is this: data governance involves standardizing all the data an organization has and unifying it in a single source of truth.
With data governance best practices in place, an organization can enjoy financial, operational, and customer-related benefits. Data governance also makes it much easier to comply with data privacy laws.
To understand that last point, let’s do a quick thought exercise.
Imagine a business that uses several kinds of software – a CRM, a sales enablement platform, a billing and accounts system, and a database to track its inventory. Each of these systems exists in a silo: the marketing team’s data doesn’t connect to the sales team’s, which is also separate from the accounting team’s.
If a customer of this business asked for their information to be deleted, per their rights as outlined by their state’s data privacy law, responsible parties would have to search all these databases separately to find that information and delete it. Not only that:
The result is that compliance becomes incredibly time- and resource-intensive. Organizations that struggle to keep up could face serious fines and penalties.
Now imagine an organization that has all its data stored in a single place, in a standard format. When that customer asks for their data to be deleted, all the business has to do is pull up their file and delete it once. Done. Compliance is simple.
For businesses that serve customers in California, Virginia, or Colorado, the impetus for adopting data governance best practices is clear. But what about businesses that don’t have customers in those states? I mentioned earlier that now is the time to prepare for compliance if you serve anyone in the United States. Let’s take a look at why.
The Future of Data Privacy Laws in the US
Gartner predicts that, by 2023, about two-thirds of the world’s population will be protected by data privacy laws. Already, Europeans are protected by the GDPR and Americans are increasingly protected by state laws.
The takeaway for businesses is that the movement globally is toward increased data privacy regulations. If you are not currently subject to any such regulations, there’s a good chance you will be in the near future.
That means that now is the perfect time to implement data governance best practices. By starting the process of standardizing and organizing your data now, you have a much better chance of being prepared to easily comply with the data regulations that will almost certainly affect you in the near future.
How to Implement Data Governance Best Practices
If you aren’t sure how or where to start the process of introducing data governance best practices, you’re in the right place. My Apexon colleagues and I have experience implementing data governance best practices for businesses of all sizes in a variety of industries. To better understand how we can help you implement data governance so that you’re prepared to comply with data privacy laws, get in touch. I’d love to hear about your situation.