Article

Best Practices for Complying with Data Privacy Laws

Topic: Business NetworkingBy Michael PetersPublished Recently added
No ratings yet1,184 viewsSign in to rate
As Califo ia goes, so does the rest of the country. While the Califo ia Consumer Privacy Act (CCPA), which was passed this summer and goes into effect in 2020, falls short of being an “American GDPR,” it clearly tore many pages from the far-reaching European data privacy law. Similar to the GDPR, the CCPA defines personal identifying information rather broadly, encompassing not just names and Social Security Numbers but things like IP addresses and browser cookies. As the Feds Drag Their Feet, States Press On Unlike the GDPR, the CCPA is not a national data privacy law. It applies only to residents of Califo ia, and only when they are physically present in Califo ia. If a Califo ia resident shares their data while on vacation in Florida, the CCPA does not apply. However, the state is an economic jugge aut that exerts influence far beyond its own borders. Califo ia is home to 12% of the U.S. population and is the world’s fifth-largest economy, surpassing the United Kingdom. Additionally, the CCPA was passed in an era where massive data breaches occur daily, and consumers are growing increasingly conce ed about what data companies are collecting on them, why, and what is being done with it. Nearly three-quarters of internet-using U.S. households have data privacy and security conce s, and at least one-third have been deterred from certain online activities due to these fears. The federal government has been slow to act on data privacy, so states have taken matters into their own hands. The CCPA, along with the GDPR, prompted a flurry of new and amended state-level data privacy legislation in 2018. All 50 U.S. states, along with Washington, D.C., Puerto Rico, the U.S. Virgin Islands. and Guam, now have data breach notification laws on the books. If a patchwork quilt of state-level laws with varying requirements sounds like a data privacy compliance nightmare, consider this: It turns out Califo ia was only getting started with the CCPA. In September, it became the first state to pass a cyber security law specifically regulating IoT devices, requiring that all manufacturers of smart devices located in Califo ia, or those who have devices manufactured on their behalf for sale in Califo ia, equip their devices with “reasonable” security features. Consumer anger over data privacy violations and organizational hand-wringing over the logistics of complying with dozens of different state laws (in addition to the GDPR, HIPAA, PCI DSS, and other mandates) appear to have finally lit a fire under the feds’ feet. In a September 26 Congressional hearing on data privacy, every member of the Senate Commerce Committee, Democrat and Republican, agreed with six major tech and telecom companies that a federal data privacy framework is needed. NIST has launched a collaborative project to develop a voluntary privacy framework, and in a separate project, the NTIA has published a request for public comment in the Federal Register on a set of data privacy principles to inform a domestic legal and policy approach to consumer data privacy. Complying with Today’s Data Privacy Laws—and Tomorrow’s Good data privacy is good business. When designing and implementing data privacy protocols and procedures, organizations shouldn’t try to skate by on the minimum requirements; look to go beyond them. Best practices to follow include: * Develop and maintain clear, concise data governance, security, and privacy policies and procedures, and put them in writing. Because legislation, technology, and the cyber threat environment are in constant flux, periodically review your organization’s policies and procedures and update them as necessary. * Practice proactive cyber security principles. Most data breaches and other cyber attacks can be prevented. Practice minimal data collection and storage. If you don’t absolutely need a piece of information about a customer or an employee, do not collect it. * Develop clear, written processes and procedures to handle customer inquiries regarding their data, such as requests to opt out of data collection or data sharing. * Build an organizational culture of security and privacy from the top down. Ensure that all employees are properly and continuously trained on data security, governance, privacy, and compliance. * Develop a comprehensive incident response plan, including a data breach notification protocol. * Don’t rely on spreadsheets or other manual processes for data security, governance, risk management, and compliance. Use a GRC automation solution.

Article author

About the Author

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions. He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.

Further reading

Further Reading

4 total

Article

Introduction There was a time when the call center was seen as a place where phones rang endlessly and agents simply answered questions. That picture has changed dramatically. Today the modern call center sits at the center of customer experience, quietly coordinating returns, managing fulfillment concerns, and shaping how customers feel about every interaction with a brand. Instead of reacting to problems, teams now guide customers through complex journeys. Their role has gr

February 6, 2026

Article

In today’s financial landscape, credit scores play a major role in determining access to loans, housing, and even employment opportunities. For individuals facing late payments, collections, or inaccurate credit reports, rebuilding credit can feel overwhelming. This is why many people turn to professional services for guidance. Among the growing number of Credit Repair Companies in Houston and providers offering Credit Repair San Antonio solutions, White Jacobs continues to

February 6, 2026

Article

Choosing the right POS terminal is more important now than ever. With customer expectations rising and payment methods changing quickly, businesses need a device that works fast, stays secure, and handles different payment types. The PAX A30 is a popular Android POS terminal that has gained attention for its modern design and strong features. In this review, we look at how well it performs in real life, what makes it stand out, and whether it can truly be called the best Andr

January 17, 2026

Article

Installing a rack mount server cabinet is an important task for anyone setting up a server room or a data center. These cabinets are designed to hold servers, networking devices, and other hardware safely and in an organized way. A well-planned installation helps improve airflow, manage cables neatly, and secure equipment, which makes the server room safer and more efficient. Whether you’re setting up a small office server or a larger business data center, knowing how to in

January 16, 2026