Privacy Laws Are Changing Compliance
Most companies have some sort of regulation they need to stay compliant to, and 2020 seems to be a landmark year. This year, companies have to deal with end-of-life upgrades, the development of new privacy laws, as well as the existing regulatory landscape. Let’s take a look at why compliance is important and what to expect in the year ahead.
Before we get into regulatory compliance, we should mention that compliance with company-wide regulations (that presumably you’ve set up for a reason) are not exempt when considering your business’ compliance responsibilities. Knowing what mandates you need to adhere to provides a business the ability to build processes that work, manage their team’s output more comprehensively, and promotes compliance with regulations that you don’t have any say in.
Regulations to Meet
Most times, when we talk about needing stay compliant, we’re talking about compliant with the ethics-based regulations that help define fair enterprise in society. Since organizations create, collect, and use data, and people are often greedy, regulations are an in place as a deterrent. They often come with the type of penalties that responsible managers want to completely avoid.
These regulations are governed by federal, state, and industry legislative bodies; and, if not met, can present major problems for an organization. Businesses can be fined, and depending on the regulation, worse.
Staying compliant with your internal regulations may not carry with them the penalties that failing to remain compliant with federal, state, industry, or local regulations do, but since presumably your organization's decision makers came up with the regulations for a reason, not staying compliant can have a negative effect on your business' operational effectiveness.
Push For Data Privacy
Over the past few years, consumers have become more active in their attempts to take control over their personal information. Most regulations have been concocted to protect against abuse of power. In the case of individual data privacy, there is now a pretty consistent push by regulatory bodies to circumvent the misuse of individual data. This has been met with resistance from major technology companies that have been using personal information to improve their products for years.
The first main data privacy regulation was enacted in the European Union a couple of years back. The General Data Protection Regulation (GDPR) basically just shifted the power of data to the European consumer for the very first time. Today, its prevalence is forcing businesses, that typically used consumer data with impunity, to make serious adjustments in the way that they manage their consumers’ data.
Additionally, the establishment of the GDPR has brought the issue to the forefront in many other parts of the world. In the United States, for example, there are currently several proposed regulations that would shift the way that companies can use an individual’s data. The Customer Online Notification for Stopping Edge-Provider Network Transgressions (CONSENT) Act is currently a proposed law in the U.S. that would grant stronger privacy rights to individuals. If the Act passes, any business website or app would have to get consent before using, sharing, and selling individual’s data with opt-in agreements rather than the standard opt-out clauses you find on websites today. They’d have to enhance their systems for monitoring the type of data they collect on website visitors; and, best yet, they’d have to provide a detailed list of data collected and its use to the company.
While the CONSENT Act would be a major shift in the ways that companies in the U.S. would be regulated online, it’s not the only proposed law. Another proposed law, the Data Acquisition and Technology Accountability and Security (DATAS) Act would create a federal standard for breach notification. Currently, each state has its own version, but under the DATAS Act, if you were a victim of a corporate data leak, they would have a mandated responsibility to notify you.
As mentioned at the outset, most companies already have some type of compliance standard they need to meet. Whether it is HIPAA, PCI DSS, or some other standard, knowing exactly what you need to do to stay compliant is important. For the average business, compliance is as simple as fulfilling the following steps:
- Stay in Good Standing - In order to do business in any given state, you will need a Certificate of Good Standing. This is issued by your state and requires your business to be registered as a legal entity in your state, current on tax filings and other obligations, and not suspended by the state.
- Be Aware of Any Laws that Govern Your Business - Laws are constantly changing and may affect your business in different ways. Keeping abreast on the latest regulations (and any alterations to previously-standing regulations) will go a long way toward putting you in a position to maintain compliance.
- Keep Your Contacts Updated - It’s essential to keep your business contacts list up to date. This strategy helps by having contacts on hand so that you can handle important issues that might arise.
- Follow Best Practices - There’s a way a compliant company does things, and then there’s a way other companies do things. Things like appointing a compliance officer, joining industry-based organizations, learning more about data security, compliance, and business transparency, and other practices can present the organizational knowledge necessary to stay compliant.
Staying compliant is a process, not a singular task. If you would like help with compliance, call our knowledgeable consultants today at (360) 528-6017.