Tougher data regulation will come in 2019 for the US, lawyers say

Legislators in the States have been trying to push data privacy laws for a number of years, but changes may finally arrive amid a global shift in attitudes to cyber security, the Corporate Counsel website reports.

 This is the view of Intel’s head of US government affairs, Lisa Malloy, who feels 2019 may be the year for “federal data privacy legislation” to be passed.

Consumer awareness about the importance of safeguarding personal details online increased through 2018 in the run-up to the EU’s General Data Protection Regulations (GDPR) which brings new powers to regulators to punish organisations found guilty of a data breach.

This year has also seen high-profile incidents of data privacy being compromised, with scandals such as Facebook / Cambridge Analytica blowing the lid on the risks of associated with irresponsible or unethical use of personal data.

In response to a climate of heightened data security across all levels, legislators, trade organisations and tech firms have responded with efforts to pass new data privacy laws. This is in stark contrast to the efforts of US Senator Patrick Leahy, whose bill for the Personal Data Privacy and Security Act of 2009 attracted not a single floor vote.

As different states implement bespoke data legislation, David Hoffman, associate general counsel and global privacy officer at Intel, speculates that it’s “the patchwork [regulation] issue that people most worry about.”

In Congress, legislators are making attempts to rectify this patchwork nature by working towards overarching law governing data privacy and cyber security.

For example, the Application Privacy, Protection and Security Act of 2018 would bring new control over the collection and securing of data on mobile devices. The Data Broker Accountability and Transparency Act of 2018 would put pressure on data brokers to adhere to new procedures for accessing and correcting collected information.

The technology sector has shown similar application, publishing their own views and model legislation for privacy and security. California’s Privacy Act and Europe’s GDPR have been highlighted as key inspirations for this change of tack by the big tech names.

In early November of this year, Intel published a draft proposal to encourage discussion on data privacy, and will release a second draft of the bill in 2019 based on feedback.

Alphabet Inc., the multinational conglomerate which is also the parent firm of Google refers its views on the issue to a post written by chief privacy officer Keith Enright, who stated that organisations that “misuse consumer data should be held responsible and that a consumer’s power to control their own personal data should not be difficult.”

Apple boss Tim Cook addressed the 40th International Conference of Data Protection and Privacy Commissioners in Brussels in October. He spoke of the “fundamental human right” of data privacy and called for a “comprehensive federal privacy law” in the US.

If organisations in the USA have dedicated resources to preparing for the GDPR, David Hoffman has called for a legislation that focuses on America’s needs.

“We don’t need a version of the GDPR. We need a law for the US with our unique culture and ethos of innovation and entrepreneurship in mind,” he said.

With attitudes to data privacy clearly changing on the opposite side of the pond, 2019 will be an exciting and decisive year for data privacy, a year in which all the talk and high-profile headlines of 2018 looks set to translate into action.

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered.