General Data Protection Regulation (GDPR)
Since the advent of the European Union's bold General Data Protection Regulation (GDPR), privacy has been an important imperative when it comes to controlling or processing a person's personally identifiable information. Privacy management has subsequently become a paradigm shift in doing business.
In addition to legacy data protection legislation such as HIPAA, SOX, Gramm-Leach-Bliley, FERPA, or PCI-DSS, organizations are being challenged to comply with a new breed of privacy advocacy vehicles such as the GDPR in the EU and U.S. domestic laws such as the California Consumer Privacy Act (CCPA).
GDPR Spotlight 2018
On May 25, 2018, the European Union ushered in a new era in privacy legislation. The General Data Protection Regulation, or GDPR, stipulates that for "data subjects", privacy is a natural right and must be safeguarded by data controllers and data processors through provably secure business processes. Failure to exercise due care and due diligence to this effect can bring penalties of up to €20 million or 4% of an organization's annual gross revenue, whichever is higher, in the event of a data breach.
GDPR Has Implications Beyond Europe
The GDPR applies to companies and organizations that conduct business in the European Union itself, as well as to the processing of personal data of EU data subjects regardless of where the processing takes place.
Is Data Protection Privacy or Security?
Managing privacy is a complex business discipline that combines requirements for processes that each play a role in the way data is captured, stored, used, maintained and disposed of. Since security is fundamentally based upon the principles of confidentiality, integrity and availability, privacy and security become the cornerstones of a data privacy compliance strategy. Accommodating this change involves people, technology and measurement.
Source: Sirius Decisions
One of many commonalities among recent privacy legislation throughout the world is that the context of privacy can vary depending on the specifics of the regulation. In general terms, personal data means any information that specifically points to a natural individual or "data subject." This can be a social security number, birthdate, or physical address, but it can also be in the digital realm, such as an email, IP address, or cookie. It can also be a video, photograph, or fingerprint.
Security plays an important role in protecting private information. Consider recognized risk management and security control frameworks such as the NIST Framework for Improving Critical Infrastructure Cybersecurity or the ISO/IEC 27000 series here in the U.S. which, if implemented and maintained adequately, can support an organization's compliance strategy.
CCPA Spotlight 2018
From a U.S. domestic perspective, California is one of the first states to draft legislation that protects state residents' private data. It binds companies that buy and sell consumer personal data, which can result from a transactional relationship with a business, to a statutory vehicle that in the end protects data subjects. Signed into law on July 28, 2018, the California Consumer Privacy Act (CCPA) is primarily focused on the collection and sale of consumer personal information and states in part: "fundamental to this right of privacy is the ability of individuals to control the use, including the sale, of their personal information." It will officially go into effect on January 1, 2020.
How Canon Solutions America Can Help
Canon Solutions America can help businesses and organizations of any size or industry develop and maintain a comprehensive privacy management program. Our mission is to provide information, solutions, and services to help you facilitate your organization's privacy management initiatives. We maintain a large and diverse solutions and services portfolio and can provide technology to help you automate and secure your company and customer information that flows both inside and outside of your perimeter.
We can also provide consultants to help you get started in your privacy management program, find gaps and remediate a problem in an existing program, and even provide incident response, all through our alliance with cybersecurity and privacy professionals.
International privacy laws and regulations¹:
- Australia: Privacy Act
- Brazil: Brazilian Internet Law
- Canada: Canada's Anti-Spam Legislation
- EU: EU GDPR
- Germany: Online Privacy Law
- India: Data Protection 2018
- Japan: Personal Information Protection Commission
¹ Note: This is not an exhaustive listing and is subject to updates.
Let us know how we can help. Please complete the contact information form and a representative will be in contact with you soon.