In today’s world of big data coupled with numerous media alerts on data breaches containing Personally Identifiable Information (PII), everyone is on edge.
In 2018, at least 11 U.S. states passed new or updated laws related to data privacy regulations. All 50 U.S. states (and U.S. territories) now have laws which require government and private sector entities to safeguard PII.
On May 25, 2018, the EU passed the most sweeping law in this category, the General Data Protection Regulation (GDPR). GDPR is the 800-pound gorilla in the room and many analysts predict this will ultimately lead to a U.S. federal regulation in the near future.
California recently passed the most progressive U.S. state law to date, the Consumer Privacy Act. Alabama implemented its first data breach notification law, Virginia added tax information to its privacy regulations and Colorado’s Protection for Consumer Data Privacy Act took effect September 1, 2018. The extent to which these laws can impact businesses is growing rapidly each year.
In order to protect your employees’, customers’ and other individuals’ data, you need to address data privacy head-on. As state and federal laws morph and become more stringent, how will you keep up and stay compliant?
Implementing frameworks such as NIST 800-53r4 provides a path to secure all your data assets and in most cases will take you beyond the requirements of any laws. Stinnett’s Cybersecurity and Data Privacy consultants work with many of our clients to map out and identify gaps in frameworks so that organizations can define a path to success when it comes to data privacy.
Our team specializes in risk assessments to identify critical data and where it lives in your IT ecosystem, which in turn identifies critical paths to implement control environments for data protection.
Interested in learning more about your state’s data privacy laws? Visit the National Conference of State Legislatures for more information.
Jeremy Price is a Senior Manager and practice lead for Stinnett & Associates Cybersecurity and Data Privacy Consulting & Advisory Services. He has over 20 years of IT experience, focusing on infrastructure technologies business management. Jeremy is a Certified Information Systems Auditor (CISA), a Microsoft Certified Systems Engineer (MCSE) and an Associate Business Continuity Professional (ABCP). He is also a member of the Institute of Internal Auditors (IIA), Information Systems Audit and Control Association (ISACA), Disaster Recovery Institute International (DRII) and InfraGard.