The good news: businesses have more data to work from than ever before, and business decisions based on data are more likely to be effective. The bad news: the data businesses collect is dangerous.
There are numerous regulations that might cover the data a business keeps on its customers, and as data collection volumes have increased, so have regulations stipulating how this data can be used and must be kept. Businesses that fail to follow data regulations are courting high fines and potential lawsuits.
In Europe, there is a centralized approach to data regulations. But in the U.S., businesses are left to their own devices a bit more.
“Unlike the EU, the U.S. approach to data protection and privacy is to focus on specific industries,” noted a recent white paper on U.S. data protection and regulatory compliance published by Varonis. “The disadvantage of industry-specific laws is that there isn’t necessarily a uniform definition of what constitutes personal data and the ways to protect it. However, by crafting laws to solve industry problems, the U.S. avoids a one-size-fits-all approach, and can take into account consumers’ own experiences with their data and industry knowledge and practices.”
The paper, which can be downloaded here, noted that there are five key regulatory hurdles that every business should at least be aware of: the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, Sarbanes-Oxley, the Health Insurance Portability and Accountability Act, and the recent FTC guidelines on protecting consumer data.
While the FTC guidelines are just that, “guidelines,” the Commission has stated that it can take action against companies that “fail to abide by self-regulatory programs they join.”
Companies doing business in Europe also will want to make sure they stay on the right side of European Union Safe Harbor rules, which apply to U.S. companies that collect personal data in the E.U. and transfer it to their internal operations within the U.S.
“Companies developing plans to comply with these laws will have to take into account the vast amount of unstructured data residing outside of databases and other special-purpose applications,” noted the Varonis white paper. According to the report, 80 percent of corporate data is unstructured.
In light of recent regulatory rules and the FTC’s own framework for privacy controls, which places more emphasis on privacy by design, businesses need to carefully review their data access rights and how corporate data is stored. The stakes are high, and getting higher.
Edited by Maurice Nagle